Method and system for delivering encrypted content with associated geographical-based advertisements

ABSTRACT

A method, a system and computer readable medium at an electronic digital content store, such as a web site, for associating advertisement with digital content. The geographic location of the end user device receiving the encrypted digital content is determined using an address verification system. Advertisement is selected to be associated with the delivery of encrypted digital content if the address verification system returns an address in a predetermined geographic region. The address verification system includes the IP address of the end user device, the country codes found in the trace routes to the IP address, and the billing address.

CROSS-REFERENCE TO RELATED APPLICATIONS

Not Applicable

BACKGROUND OF THE INVENTION

1. Field of the Invention

The invention disclosed broadly relates to the field of electroniccommerce and more particularly to a system and related tools for thesecure delivery and rights management of digital assets, such as printmedia, films, games, and music over computer readable medium such as CDSand DVDs and over global communications networks such as the Internetand the World Wide Web including advertisements based upon geographicallocation of end-user devices.

2. Description of the Related Art

The use of global distribution systems such as the Internet fordistribution of digital assets such as music, film, computer programs,pictures, games and other content continues to grow. At the same timeowners and publishers of valuable digital content have been slow toembrace the use of the Internet for distribution of digital assets forseveral reasons. One reason is that owners are afraid of unauthorizedcopying or pirating of digital content. The electronic delivery ofdigital content removes several barriers to pirating. One barrier thatis removed with electronic distribution is the requirement of thetangible recordable medium itself(e.g., diskettes or CD ROMs). It costsmoney to copy digital content onto tangible media, albeit, in many casesless than a dollar for a blank tape or recordable CD. However, in thecase of electronic distribution, the tangible medium is no longerneeded. The cost of the tangible medium is not a factor because contentis distributed electronically. A second barrier, is the format of thecontent itself i.e. is the content stored in an analog format versus adigital format. Content stored in an analog format, for example, aprinted picture, when reproduced by photocopying, the copy is of lesserquality than the original. Each subsequent copy of a copy, sometimescalled a generation, is of less quality than the original. Thisdegradation in quality is not present when a picture is storeddigitally. Each copy, and every generation of copies can be as clear andcrisp as the original. The aggregate effect of perfect digital copiescombined with the very low cost to distribute content electronically andto distribute content widely over the Internet makes it relatively easyto pirate and distribute unauthorized copies. With a couple ofkeystrokes, a pirate can send hundreds or even of thousands of perfectcopies of digital content over the Internet. Therefore a need exists toensure the protection and security of digital assets distributedelectronically.

Providers of digital content desire to establish a secure, globaldistribution system for digital content that protects the rights ofcontent owners. The problems with establishing a digital contentdistribution system includes developing systems for digital contentelectronic distribution, rights management, and asset protection.Digital content that is distributed electronically includes content suchas print media, films, games, programs, television, multimedia, andmusic.

The deployment of an electronic distribution system provides the digitalcontent providers the ability to achieve fast settlement of paymentthrough immediate sales reporting and electronic reconciliation as wellas gain secondary sources of revenue through redistribution of content.Since the electronic digital content distribution system is not affectedby physical inventory outages or returns, the digital content providersand retailers may realize reduced costs and improved margins. Digitalcontent providers could facilitate new, or augment existing,distribution channels for better timed-release of inventory. Thetransactional data from the electronic distribution system could be usedto obtain information regarding consumer buying patterns as well as toprovide immediate feedback on electronic marketing programs andpromotions. In order to meet these goals, a need exists for digitalcontent providers to use an electronic distribution model to makedigital content available to a wide range of users and businesses whileensuring protection and metering of digital assets.

Other commercially available electronic distribution systems for digitalcontent, such as real audio, A2B from AT&T, Liquid Audio Pro from LiquidAudio Pro Corp., City Music Network from Audio Soft and others offertransmission of digital data over secured and unsecured electronicnetworks. The use of secured electronic networks greatly reduces therequirement of digital content providers of distributing digital to awide audience. The use of unsecured networks such as the Internet andWeb allows the digital content to arrive to an end-user securely such asthrough the use of encryption. However, once the encrypted digitalcontent is de-encrypted on the end-user's machine, the digital contentis readily available to the end-user for unauthorized re-distribution.Therefore a need exists for a secure digital content electronicdistribution system that provides protection of digital assets andensures that the Content Provider(s)' rights are protected even afterthe digital content is delivered to consumers and businesses. A needthus exists for rights management to allow for secure delivery,licensing authorization, and control of the usage of digital assets.

Another reason owners of digital content have been slow to embraceelectronic distribution is their desire to maintain and foster existingchannels of distribution. Most content owners sell through retailers. Inthe music market these U.S. retailers include Tower Records, Peaches,Blockbuster, Circuit City and others. Many of these retailers have Websites that allow Internet users to makes selections over the Internetand have selections mailed to the end-user. Example music Web sitesinclude @tower, Music Boulevard and Columbia House. The use ofelectronic distribution can remove the ability of the retail stores fromdifferentiating themselves from each other and differentiate themselvesfrom the content owners, especially on the Web. Therefore a need existsto provide retailers of electronic content such as pictures, games,music, programs and videos a way to differentiate themselves from eachother and the content owners when selling music through electronicdistribution.

Content owners prepare their digital content for electronic distributionthrough distribution sites such as electronic stores. Electronic storeson the Internet, or through other online services, want to differentiatethemselves from each other by their product offerings and productpromotions. A traditional store, i.e.—the non-electronic, non-onlineanalogs to electronic stores—use product promotions, product sales,product samples, liberal return policies and other promotional programsto differentiate themselves from their competitors. However, in theonline world where the content providers impose usage conditions on thedigital content, the ability of electronic stores to differentiatethemselves maybe severely limited. Moreover, even if the usageconditions can be changed, electronic stores are faced with thedifficult task of processing the metadata associated with the digitalcontent from the content providers to promote and sell productselectronically. Electronic stores need to manage several requirementswhen processing the metadata. First, the electronic store is required toreceive the metadata associated with the digital content from thecontent providers. Many times, parts of this metadata may be sentencrypted, so the content provider must create a mechanism to decryptthe encrypted content. Second, the electronic store may wish to previewmetadata from the content provider either before the content is receivedfrom the content provider or after the content is received by theelectronic store, in order to assist with product marketing, productpositioning and other promotional considerations for the content. Third,the electronic store is required to extract certain metadata used forpromotional materials such as graphics and artist information. Often,this promotional material is used directly by the electronic store inits online promotions. Fourth, the electronic stores may wish todifferentiate themselves from one another by modifying some of thepermitted usage conditions to create different offerings of the digitalcontent. Fifth, the electronic store may have to insert or alter certainaddress, such as URLs, in the metadata to direct payment reconciliationto an account reconciliation house automatically by the purchaserwithout the need to go through the electronic store for paymentclearance. Sixth, the electronic store may need to create licenses forthe permitted use of the copyrighted digital content that match usageconditions. For example, the license may grant the permission to make alimited number of copies of the digital content. A license is needed toreflect the terms and conditions of the permission granted.

In light of all these requirements, to process the metadata related tothe digital content, many electronic stores write customized softwareprograms to handle these requirements. The time, cost and testing neededto create these customized software programs can be large. Accordingly,a need exists to provide a solution to these requirements.

Still, another reason owners of digital content have been slow toembrace electronic distribution is the difficulty in preparing contentfor electronic distribution. Today, many providers of content havethousands or even tens of thousands of titles in their portfolio. In amusic example, it is not unusual for a content owner to have a singlemaster sound recording available on several different formatssimultaneously (e.g. CD, tape and MiniDisc). In addition, a singleformat can have a master sound recording re-mastered or re-mixed for aspecific distribution channel. As an example, the mixing for broadcastradio maybe different than the mixing for a dance club soundtrack, whichmay be different than a generally available consumer CD. Inventoryingand keeping track of these different mixes can be burdensome. Moreover,many owners of master recordings often times re-issue old recordings invarious subsequent collections, such as “The Best Of”, or incompilations for musical sound tracks to movies and other collections orcompilations. As more content is offered digitally, the need to re-mixand encode the content for electronic distribution grows. Many timesproviders need to use old recording formats as guides to select thecorrect master sound recordings and have these sound recordingsreprocessed and encoded for release for electronic distribution. Thismaybe especially true for content providers that wish to use their oldformats to assist them in re-releasing the old sound recording forelectronic distribution. Providers will look through databases to matchup titles, artists and sound recordings to set the encoding parameters.This process of manually searching databases for recording portfolios isnot without its shortcomings. One shortcoming is the need to have anoperator manually search a database and set the processing parametersappropriately. Another shortcoming is the possibility of operatortranscription error in selecting data from a database. Accordingly, aneed exists to provide content providers a method to automaticallyretrieve associated data and master recordings for content such asaudio.

Content owners prepare their digital content for electronic distributionthrough a process known as encoding. Encoding involves taking thecontent, digitizing it, if the content is presented in an analog format,and compressing it. The process of compressing allows the digitalcontent to be transferred over networks and stored on recordable mediummore efficiently because the amount of data transmitted or stored isreduced. However, compression is not without its shortcomings. Mostcompression involves the loss of some information, and is called lossycompression. Content providers must make decisions on what compressionalgorithm to use and the compression level required. For example, inmusic, the digital content or song may have very differentcharacteristics depending on the genre of the music. The compressionalgorithm and compression level selected for one genre may not be theoptimal choice for another genre of music. Content providers may findcertain combinations of compression algorithms and compression levelswork very well for one genre of music, say classical, but provideunsatisfactory results for another genre of music such as heavy metal.Moreover, audio engineers must often equalize the music, perform dynamicrange adjustments and perform other preprocessing and processingsettings to ensure the genre of music encoded produces the desiredresults. The requirement to always have to manually set these encodingparameters such as setting the equalization levels and the dynamic rangesettings for each digital content can be burdensome. Returning to themusic example, a content provider for music with a collection covering avariety of musical genre would have to manually select for each song orset of songs to be encoded, the desired combination of encodingparameters. Accordingly, a need exists to overcome the need for manuallyselection of process parameters for encoding.

The process to compress content can require a large amount of dedicatedcomputational resources, especially for larger content items such asfull-length feature movies. Providers of compression algorithms offervarious tradeoffs and advantages associated with their compressiontechniques. These tradeoffs include: the amount of time andcomputational resources needed to compress the content; the amount ofcompression achieved from the original content; the desired bit rate forplayback; the performance quality of the compressed content; and otherfactors. Using an encoding program which take as input a multimedia fileand generate an encoded output file with no interim indication ofprogress or status is a problem. Moreover, in many circumstances, otherprograms are used to call or to manage an encoding program with nointerim indication of progress. This leaves the calling application withno way to gauge the amount of content that has been encoded as apercentage of the entire selection of designated to be encoded. Incircumstances where the calling program is trying to schedule severaldifferent programs to run at once this can be a problem. Furthermore,this can be especially burden some in cases where batches of contenthave been selected for encoding and the content provider wants todetermine the progress of the encoding process. Accordingly, a needexists to overcome these problems.

Still another reason digital content providers have been slow to adoptelectronic distribution for their content is lack of standards forcreating digital players on end-user devices for electronicallydelivered content. Content providers, electronic stores, or others inthe electronic distribution chain may want to offer customized playerson a variety of devices such as PCS, set-top boxes, hand-held devicesand more. A set of tools that can handle the decryption of the digitalcontent in a tamper resistant environment, that is, an environment todeter the unauthorized access to the content during playing by a thirdparty is needed. Moreover, a set of tools is needed to enable an enduser to manage of a local library of digital content without allowingthe end user to have access to the content for uses other than what waspurchased.

Still, another problem is with digital content electronic distributionsystems is the length of time it takes to download content over standardtelephone and cable lines. It is not uncommon for music that iscompressed to be downloaded over telecommunication lines to take 15minutes or more to download over standard telephone lines. The amount oftime necessary for downloading video is even higher. Although otherhigher bandwidth delivery systems such as cable Internet access andbroadband is growing in popularity, these system are still not widelyavailable in many towns and cities. Furthermore, many of the higherbandwidth delivery systems may cost both the provider of digital contentand the buyer of digital content high costs because of connect time.Accordingly, a need exists for a method and apparatus to deliverycontent in a secured manner which has many of the advantages ofelectronic distribution without the need for large bandwidthtelecommunications connections. The providing of a solution fordistribution of digital content both over telecommunications line and oncomputer readable may result in two disparate systems being deployed. Aneed exists for a system that provides the distribution of digitalcontent either via a telecommunications line or via computer readablemedium without having to duplicate the tools and components for: (1)rights management for the protection of ownership rights of the contentproprietor; (2) transaction metering for immediate and accuratecompensation; and (3) an open architecture.

Further information on the background of protecting digital content canbe found from the following three sources. “Music on the Internet andthe Intellectual Property Protection Problem” by Jack Lacy, JamesSnyder, David Maher, of AT&T Labs, Florham Park, N.J. available onlineURL http://www.a2bmusic.com/about/papers/musicipp.htm. Cryptographicallyprotected container, called DigiBox, in the article “Securing theContent, Not the Wire for Information Commerce” by Olin Sibert, DavidBernstein and David Van Wie, InterTrust Technologies Corp. Sunnyvale,Calif. available online URLhttp://www.intertrust.com/architecture/stc.html. And “CryptolopeContainer Technology”, an IBM White Paper, available online URLhttp:///cyptolope.ibm.com/white.htm.

Content providers and advertisers often provide advertisement atshopping sites, such as web stores, where end users shop and orderelectronic content. Advertisement can be in the form of promotions, orcross-selling of products and services. Advertisement is a known methodto increase revenues through affiliations, banner adds, wallpaperadvertisement and the like on web pages. Although advertisement isuseful, is not without its shortcomings.

One shortcoming when distributing advertisement to a geographicallyexpansive marketplace is that the product or service being advertised isnot available in the end user's location because of national or regionallaws (such as contests) or because or restrictions based upon nationalmores and customs such as sexual suggestive material in conservativecountries. Advertisers want to target their advertisements to certaingeographical regions. Accordingly, a need exists for a method and asystem to provide geographic advertisement to end users receivingencrypted digital content over non-secure telecommunications lines suchas the Internet.

Another shortcoming when distributing advertisement to a geographicallyexpansive marketplace is that the advertisement is not tailored toelectronic content when is downloaded from a web site. Often timescookies and other known mechanisms are used but this targeting onlyoccurs while the user is browsing a web site such as an electronicstore. However, once the content is ordered for download, the targetingis lost. In other words, once the end user downloads content, thetargeting of advertisement that is downloaded with the content is nolonger provided. Accordingly, a need exists for a method and system toprovide targeting of advertisement for content that is downloaded from aweb site.

SUMMARY OF THE INVENTION

Briefly according to the present invention, a method, a system andcomputer readable medium at an electronic digital content store, such asa web site, for associating advertisement with digital content. Thegeographic location of the end user device receiving the encrypteddigital content is determined using an address verification system.Advertisement is selected to be associated with the delivery ofencrypted digital content if the address verification system returns anaddress in a predetermined geographic region. The address verificationsystem includes the IP address of the end user device, the country codesfound in the trace routes to the IP address, and the billing address.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram illustrating an over view of a Secure DigitalContent Electronic Distribution System according to the presentinvention.

FIG. 2 is a block diagram illustrating an example Secure Container (SC)and the associated graphical representations according to the presentinvention.

FIG. 3 is a block diagram illustrating an overview of the encryptionprocess for a Secure Container (SC) according to the present invention.

FIG. 4 is a block diagram illustrating an overview of the de-encryptionprocess for a Secure Container (SC) according to the present invention.

FIG. 5 is a block diagram illustrating an overview of the layers for theRights Management Architecture of the Secure Digital ContentDistribution System of FIG. 1 according to the present invention.

FIG. 6 is a block diagram illustrating an overview of the ContentDistribution and Licensing Control as it applies to the License ControlLayer of FIG. 5.

FIG. 7 is an illustration of an example user interface for the Work FlowManager Tool of FIG. 1 according to the present invention.

FIG. 8 is a block diagram of the major tools, components and processesof the Work Flow Manager corresponding to the user interface in FIG. 7according to the present invention.

FIG. 9 is a block diagram illustrating the major tools, components andprocesses of an Electronic Digital Content Store of FIG. 1 according tothe present invention.

FIG. 10 is a block diagram illustrating the major components andprocesses of an End-User Device(s) of FIG. 1 according to the presentinvention.

FIG. 11 is a flow diagram of a method to calculate an encoding ratefactor for the Content Preprocessing and Compression tool of FIG. 8according to the present invention.

FIG. 12 is a flow diagram of a method to automatically retrieveadditional information for the Automatic Metadata Acquisition Tool ofFIG. 8 according to the present invention.

FIG. 13 is a flow diagram of a method to automatically set thePreprocessing and Compression parameters of the Preprocessing andCompression Tool of FIG. 8 according to the present invention.

FIG. 14 is an example of user interface screens of the PlayerApplication downloading content to a local library as described in FIG.15 according to the present invention.

FIG. 15 is a block diagram illustrating the major components andprocesses of a Player Application running on End-User Device of FIG. 9according to the present invention.

FIG. 16 is an example user interface screens of the Player Applicationof FIG. 15 according to the present invention.

FIG. 17 is a flow diagram of an alternate embodiment to automaticallyretrieve additional information for the Automatic Metadata AcquisitionTool of FIG. 8 according to the present invention.

FIG. 18 is a block diagram of an alternative embodiment of FIG. 10 todistribute content on a computer readable storage medium, according tothe present invention.

FIG. 19 is a flow diagram of the alternative embodiment of FIG. 18 foracquiring rights to digital content, according to the present invention.

FIG. 20 is a block diagram of the alternative embodiment of FIG. 2illustrating a Verify Tag in the Usage Conditions, according to thepresent invention.

FIG. 21 is a flow diagram illustrating the association of theadvertisement based upon a geographical location of the end user,according to the present invention.

FIG. 22 is a block diagram of the alternative embodiment of FIG. 6illustrating a Geographically Associated Advertisement, according to thepresent invention.

FIG. 23 is a flow diagram illustrating the rendering of theadvertisement geographically associated with end user, according to thepresent invention.

DETAILED DESCRIPTION OF AN EMBODIMENT

A Table of Contents is provided for this present invention to assist thereader in quickly locating different sections in this embodiment.

I. SECURE DIGITAL CONTENT ELECTRONIC DISTRIBUTION SYSTEM A. SystemOverview 1. Rights Management 2. Metering 3. Open Architecture B. SystemFunctional Elements 1. Content Provider(s) 2. Electronic Digital ContentStore(s) 3. Intermediate Market Partners 4. Clearinghouse(s) 5. End-UserDevice(s) 6. Transmission Infrastructures C. System Uses II.CRYPTOGRAPHY CONCEPTS AND THEIR APPLICATION TO THE SECURE DIGITALCONTENT ELECTRONIC DISTRIBUTION SYSTEM A. Symmetric Algorithms B. PublicKey Algorithms C. Digital Signature D. Digital Certificates E. Guide ToThe SC(s) Graphical Representation F. Example of a Secure ContainerEncryption III. SECURE DIGITAL CONTENT ELECTRONIC DISTRIBUTION SYSTEMFLOW IV. RIGHTS MANAGEMENT ARCHITECTURE MODEL A. Architecture LayerFunctions B. Function Partitioning and Flows 1. Content Formatting Layer2. Content Usage Control Layer 3. Content Identification Layer 4.License Control Layer C. Content Distribution and Licensing Control V.SECURE CONTAINER STRUCTURE A. General Structure B. Rights ManagementLanguage Syntax and Semantics C. Overview of Secure Container Flow andProcessing D. Metadata Secure Container 620 Format F. Offer SecureContainer 641 Format F. Transaction Secure Container 640 Format G. OrderSecure Container 650 Format H. License Secure Container 660 Format I.Content Secure Container Format VI. SECURE CONTAINER PACKING ANDUNPACKING A. Overview B. Bill of Materials (BOM) Part C. Key DescriptionPart VII. CLEARINGHOUSE(S) A. Overview B. Rights Management ProcessingC. Country Specific Parameters D. Audit Logs and Tracking E. Reportingof Results F. Billing and Payment Verification G. Retransmissions VIII.CONTENT PROVIDER A. Overview B. Work Flow Manager 1. Products AwaitingAction/Information Process 2. New Content Request Process 3. AutomaticMetadata Acquisition Process 4. Manual Metadata Entry Process 5. UsageConditions Process 6. Supervised Release Process 7. Metadata SC(s)Creation Process 8. Watermarking Process 9. Preprocessing andCompression Process 10. Content Quality Control Process 11. EncryptionProcess 12. Content SC(s) Creation Process 13. Final Quality AssuranceProcess 14. Content Dispersement Process 15. Work Flow Rules C. MetadataAssimilation and Entry Tool 1. Automatic Metadata Acquisition Tool 2.Manual Metadata Entry Tool 3. Usage Conditions Tool 4. Parts of theMetadata SC(s) 5. Supervised Release Tool D. Content Processing Tool 1.Watermarking Tool 2. Preprocessing and Compression Tool 3. ContentQuality Control Tool 4. Encryption Tool E. Content SC(s) Creation ToolF. Final Quality Assurance Tool G. Content Dispersement Tool H. ContentPromotions Web Site I. Content Hosting 1. Content Hosting Sites 2.Content Hosting Site(s) 111 provided by the Secure Digital ContentElectronic Distribution System IX. ELECTRONIC DIGITAL CONTENT STORE(S)A. Overview - Support for Multiple Electronic Digital Content Store(s)B. Point-to-Point Electronic Digital Content Distribution Service 1.Integration Requirements 2. Content Acquisition Tool 3. TransactionProcessing Module 4. Notification Interface Module 5. AccountReconciliation Tool C. Broadcast Electronic Digital Content DistributionService X. END-USER DEVICE(S) A. Overview 1. Delivery OverTelecommunications Infrastructure 2. Delivery Over A Computer ReadableMedium 3. Delivery to A Third Party from an End User B. ApplicationInstallation C. Secure Container Processor D. The Player Application 1.Overview 2. End-User Interface Components 3. Copy/Play ManagementComponents 4. Decryption 1505, Decompression 1506 and PlaybackComponents 5. Data Management 1502 and Library Access Components 6.Inter-application Communication Components 7. Other MiscellaneousComponents 8. The Generic Player 9. Digital Content Library Manager

I. Secure Digital Content Electronic Distribution System

A. System Overview

The Secure Digital Content Electronic Distribution System is a technicalplatform that encompasses the technology, specifications, tools, andsoftware needed for the secure delivery and rights management of DigitalContent and digital content-related content to an end-user, clientdevice. The End-User Device(s) include PCS, set top boxes (RDs), andInternet appliances. These devices may copy the content to externalmedia or portable, consumer devices as permitted by the contentproprietors. The term Digital Content or simply Content, refers toinformation and data stored in a digital format including: pictures,movies, videos, music, programs, multimedia and games.

The technical platform specifies how Digital Content is prepared,securely distributed through point-to-point and broadcastinfrastructures (such as cable, Internet, satellite, and wireless)licensed to End-User Device(s), and protected against unauthorizedcopying or playing. In addition, the architecture of the technicalplatform allows for the integration and migration of varioustechnologies such as watermarking, compression/encoding, encryption, andother security algorithms as they evolve over time.

The base components of the Secure Digital Content ElectronicDistribution System are: (1) rights management for the protection ofownership rights of the content proprietor; (2) transaction metering forimmediate and accurate compensation; and (3) an open and well-documentedarchitecture that enables Content Provider(s) to prepare content andpermit its secure delivery over multiple network infrastructures forplayback on any standard compliant player.

1. Rights Management

Rights management in the Secure Digital Content Electronic DistributionSystem is implemented through a set of functions distributed among theoperating components of the system. Its primary functions include:licensing authorization and control so that content is unlocked only byauthorized intermediate or End-User(s) that have secured a license; andcontrol and enforcement of content usage according to the conditions ofpurchase or license, such as permitted number of copies, number ofplays, and the time interval or term the license may be valid. Asecondary function of rights management is to enable a means to identifythe origin of unauthorized copies of content to combat piracy.

Licensing authorization and control are implemented through the use of aClearinghouse(s) entity and Secure Container (SC) technology. TheClearinghouse(s) provides licensing authorization by enablingintermediate or End-User(s) to unlock content after verification of asuccessful completion of a licensing transaction. Secure Containers areused to distribute encrypted content and information among the systemcomponents. A SC is a cryptographic carrier of information or contentthat uses encryption, digital signatures, and digital certificates toprovide protection against unauthorized interception or modification ofelectronic information and content. It also allows for the verificationof the authenticity and integrity of the Digital Content. The advantageof these rights management functions is that the electronic DigitalContent distribution infrastructure does not have to be secure ortrusted. Therefore allowing transmission over network infrastructuressuch as the Web and Internet. This is due to the fact that the Contentis encrypted within Secure Containers and its storage and distributionare separate from the control of its unlocking and use. Only users whohave decryption keys can unlock the encrypted Content, and theClearinghouse(s) releases decryption keys only for authorized andappropriate usage requests. The Clearinghouse(s) will not clear bogusrequests from unknown or unauthorized parties or requests that do notcomply with the content's usage conditions as set by the contentproprietors. In addition, if the SC is tampered with during itstransmission, the software in the Clearinghouse(s) determines that theContent in a SC is corrupted or falsified and repudiate the transaction.

The control of Content usage is enabled through the End-User PlayerApplication 195 running on an End-User Device(s). The application embedsa digital code in every copy of the Content that defines the allowablenumber of secondary copies and playbacks. Digital watermarkingtechnology is used to generate the digital code, to keep it hidden fromother End-User Player Application 195, and to make it resistant toalteration attempts. In an alternate embodiment, the digital code isjust kept as part of the usage conditions associated with the Content113. When the Digital Content 113 is accessed in a compliant End-UserDevice(s), the End-User Player Application 195 reads the watermark tocheck the use restrictions and updates the watermark as required. If therequested use of the content does not comply with the usage conditions,e.g., the number of copies has been exhausted, the End-User Device(s)will not perform the request.

Digital watermarking also provides the means to identify the origin ofauthorized or unauthorized copies of Content. An initial watermark inthe Content is embedded by the content proprietor to identify thecontent proprietor, specify copyright information, define geographicdistribution areas, and add other pertinent information. A secondwatermark is embedded in the Content at the End-User Device(s) toidentify the content purchaser (or licensee) and End-User Device(s),specify the purchase or license conditions and date, and add any otherpertinent information.

Since watermarks become an integral part of the Content, they arecarried in the copies independent of whether the copies were authorizedor not. Thus the Digital Content always contains information regardingits source and its permitted use regardless of where the content residesor where it comes from. This information may be used to combat illegaluse of the Content.

2. Metering

As part of its rights management functions, the Clearinghouse(s) keeps arecord of all transactions where a key exchange is cleared through theClearinghouse(s). This record allows for the metering of licensingauthorization and the original conditions of use. The transaction recordcan be reported to responsible parties, such as, content proprietors orContent Provider(s), retailers, and others, on an immediate or periodicbasis to facilitate electronic reconciliation of transaction paymentsand other uses.

3. Open Architecture

The Secure Digital Content Electronic Distribution System (System) is anopen architecture with published specifications and interfaces tofacilitate broad implementation and acceptance of the System in themarket place while maintaining rights protection for the contentproprietors. The flexibility and openness of the System architecturealso enable the System to evolve over time as various technologies,transmission infrastructures, and devices are delivered to themarketplace.

The architecture is open regarding the nature of the Content and itsformat. Distribution of audio, programs, multimedia, video, or othertypes of Content is supported by the architecture. The Content could bein a native format, such as linear PCM for digital music, or a formatachieved by additional preprocessing or encoding, such as filtering,compression, or pre/de-emphasis, and more. The architecture is open tovarious encryption and watermarking techniques. It allows for theselection of specific techniques to accommodate different Content typesand formats and to allow the introduction or adoption of newtechnologies as they evolve. This flexibility allows Content Provider(s)to pick and evolve the technologies they use for data compression,encryption, and formatting within the Secure Digital Content ElectronicDistribution System.

The architecture is also open to different distribution networks anddistribution models. The architecture supports content distribution overlow-speed Internet connections or high-speed satellite and cablenetworks and can be used with point-to-point or broadcast models. Inaddition, the architecture is designed so that the functions in theEnd-User Device(s) can be implemented on a wide variety of devices,including low cost consumer devices. This flexibility allows ContentProvider(s) and retailers to offer Content to intermediate orEnd-User(s) through a variety of service offerings and enables the usersto purchase or license Content, play it back, and record it on variouscompliant player devices.

B. System Functional Elements

Turning now to FIG. 1, there is shown a block diagram illustrating anoverview of a Secure Digital Content Electronic Distribution System 100according to the present invention. The Secure Digital ContentElectronic Distribution System 100 encompasses several business elementsthat comprise an end-to-end solution, including: Content Provider(s) 101or the proprietors of the Digital Content, Electronic Digital ContentStore(s) 103, Intermediate Market Partners (not shown), Clearinghouse(s)105, Content Hosting Site 111, Transmission Infrastructures 107, andEnd-User Device(s) 109. Each of these business elements use variouscomponents of the Secure Digital Content Electronic Distribution System100. A high level description of these business elements and systemcomponents, as they pertain specifically to electronic Content 113distribution, follows.

1. Content Provider(s) 101

Content Provider(s) 101 or content proprietor(s) are owners of originalContent 113 and/or distributors authorized to package independentContent 113 for further distribution. Content Provider(s) 101 mayexploit their rights directly or license Content 113 to the ElectronicDigital Content Store(s) 103, or Intermediate Market Partners (notshown), usually in return for Content usage payments related toelectronic commerce revenues. Examples of Content Provider(s) 101include Sony, Time-Warner, MTV, IBM, Microsoft, Turner, Fox and others.

Content Provider(s) 101 use tools provided as part of the Secure DigitalContent Electronic Distribution System 100 in order to prepare theirContent 113 and related data for distribution. A Work Flow Manager Tool154 schedules Content 113 to be processed and tracks the Content 113 asit flows through the various steps of Content 113 preparation andpackaging to maintain high quality assurance. The term metadata is usedthroughout this document to mean data related to the Content 113 and inthis embodiment does not include the Content 113 itself. As an example,metadata for a song maybe a song title or song credits but not the soundrecording of the song. The Content 113 would contain the soundrecording. A Metadata Assimilation and Entry Tool 161 is used to extractmetadata from the Content Provider(s)' Database 160 or data provided bythe Content Provider(s) in a prescribed format (for a music example theContent 113 information such as CD title, artist name, song title, CDartwork, and more) and to package it for electronic distribution. TheMetadata Assimilation and Entry Tool 161 is also used to enter the UsageConditions for the Content 113. The data in Usage Conditions can includecopy restriction rules, the wholesale price, and any business rulesdeemed necessary. A Watermarking Tool is used to hide data in theContent 113 that identifies the content owner, the processing date, andother relevant data. For an embodiment where the Content 113 is audio,an audio preprocessor tool is used to adjust the dynamics and/orequalize the Content 113 or other audio for optimum compression quality,compress the Content 113 to the desired compression levels, and encryptthe Content 113. These can be adapted to follow technical advances indigital content compression/encoding, encryption, and formattingmethods, allowing the Content Provider(s) 101 to utilize best tools asthey evolve over time in the marketplace.

The encrypted Content 113, digital content-related data or metadata, andencrypted keys are packed in SCs (described below) by the SC Packer Tooland stored in a content hosting site and/or promotional web site forelectronic distribution. The content hosting site can reside at theContent Provider(s) 101 or in multiple locations, including ElectronicDigital Content Store(s) 103 and Intermediate Market Partners (notshown) facilities. Since both the Content 113 and the Keys (describedbelow) are encrypted and packed in SCs, Electronic Digital ContentStore(s) 103 or any other hosting agent can not directly accessdecrypted Content 113 without clearance from the Clearinghouse(s) andnotification to the Content Provider(s) 101.

2. Electronic Digital Content Store(s) 103

Electronic Digital Content Store(s) 103 are the entities who market theContent 113 through a wide variety of services or applications, such asContent 113 theme programming or electronic merchandising of Content113. Electronic Digital Content Store(s) 103 manage the design,development, business operations, settlements, merchandising, marketing,and sales of their services. Example online Electronic Digital ContentStore(s) 103 are Web sites that provide electronic downloads ofsoftware.

Within their services, Electronic Digital Content Store(s) 103 implementcertain functions of the Secure Digital Content Electronic DistributionSystem 100. Electronic Digital Content Store(s) 103 aggregateinformation from the Content Provider(s) 101, pack content and metadatain additional SCs, and deliver those SCs to consumers or businesses aspart of a service or application. Electronic Digital Content Store(s)103 use tools provided by the Secure Digital Content ElectronicDistribution System 100 to assist with: metadata extraction, secondaryusage conditions, SC packaging, and tracking of electronic contenttransactions. The secondary usage conditions data can include retailbusiness offers such as Content 113 purchase price, pay-per-listenprice, copy authorization and target device types, or timed-availabilityrestrictions.

Once an Electronic Digital Content Store(s) 103 completes a validrequest for electronic Content 113 from an End-User(s), the ElectronicDigital Content Store(s) 103 is responsible for authorizing theClearinghouse(s) 105 to release the decryption key for the Content 113to the customer. The Electronic Digital Content Store(s) also authorizesthe download of the SC containing the Content 113. The ElectronicDigital Content Store(s) may elect to host the SCs containing theDigital Content at its local site and/or utilize the hosting anddistribution facilities of another Content hosting site.

The Electronic Digital Content Store(s) can provide customer service forany questions or problems that an End-User(s) may have using the SecureDigital Content Electronic Distribution System 100, or the ElectronicDigital Content Store(s) 103 may contract their customer service supportto the Clearinghouse(s) 105.

3. Intermediate Market Partners (not Shown)

In an alternate embodiment, the Secure Digital Content ElectronicDistribution System 100 can be used to provide Content 113 securely toother businesses called Intermediate Market Partners. These partners mayinclude digital content-related companies offering a non-electronicservice, such as televisions stations or video clubs, radio stations orrecord clubs, that distribute Content 113. These Partners may alsoinclude other trusted parties who handle material as part of making ormarketing sound recordings, such as record studios, replicators, andproducers. These Intermediate Market Partners requires clearance fromthe Clearinghouse(s) 105 in order to decrypt the Content 113.

4. Clearinghouse(s) 105

The Clearinghouse(s) 105 provides the licensing authorization and recordkeeping for all transactions that relate to the sale and/or permitteduse of the Content 113 encrypted in a SC. When the Clearinghouse(s) 105receives a request for a decryption key for the Content 113 from anintermediate or End-User(s), the Clearinghouse(s) 105 validates theintegrity and authenticity of the information in the request; verifiesthat the request was authorized by an Electronic Digital ContentStore(s) or Content Provider(s) 101; and verifies that the requestedusage complies with the content Usage Conditions as defined by theContent Provider(s) 101. Once these verifications are satisfied, theClearinghouse(s) 105 sends the decryption key for the Content 113 to therequesting End-User(s) packed in a License SC. The key is encrypted in amanner so that only the authorized user can retrieve it. If theEnd-User's request is not verifiable, complete, or authorized, theClearinghouse(s) 105 repudiates the request for the decryption key.

The Clearinghouse(s) 105 keeps a record of all transactions and canreport them to responsible parties, such as Electronic Digital ContentStore(s) 103 and Content Provider(s) 101, on an immediate, periodic, orrestricted basis. This reporting is a means by which Content Provider(s)101 can be informed of the sale of Content 113 and the ElectronicDigital Content Store(s) 103 can obtain an audit trail of electronicdelivery to their customers. The Clearinghouse(s) 105 can also notifythe Content Provider(s) 101 and/or Electronic Digital Content Store(s)103 if it detects that information in a SC has been compromised or doesnot comply with the Content's Usage Conditions. The transactionrecording and repository capabilities of the Clearinghouse(s) 105database is structured for data mining and report generation.

In another embodiment, the Clearinghouse(s) 105 can provide customersupport and exception processing for transactions such as refunds,transmission failures, and purchase disputes. The Clearinghouse(s) 105can be operated as an independent entity, providing a trusted custodianfor rights management and metering. It provides billing and settlementas required. Examples of electronic Clearinghouse(s) includeSecure-Bank.com and Secure Electronic Transaction (SET) fromVisa/Mastercard. In one embodiment, the Clearinghouse(s) 105 are Websites accessible to the End-User Device(s) 109. In another embodiment,the Clearinghouse(s) 105 is part of the Electronic Digital ContentStore(s) 103.

5. End-User Device(s) 109

The End-User Device(s) 109 can be any player device that contains anEnd-User Player Application 195 (described later) compliant with theSecure Digital Content Electronic Distribution System 100specifications. These devices may include PCS, set top boxes (IRDs), andInternet appliances. The End-User Player Application 195 could beimplemented in software and/or consumer electronics hardware. Inaddition to performing play, record, and library management functions,the End-User Player Application 195 performs SC processing to enablerights management in the End-User Device(s) 109. The End-User Device(s)109 manages the download and storage of the SCs containing the DigitalContent; requests and manages receipt of the encrypted Digital Contentkeys from the Clearinghouse(s) 105; processes the watermark(s) everytime the Digital Content is copied or played; manages the number ofcopies made (or deletion of the copy) in accordance with the DigitalContent's Usage Conditions; and performs the copy to an external mediaor portable consumer device if permitted. The portable consumer devicecan perform a subset of the End-User Player Application 195 functions inorder to process the content's Usage Conditions embedded in thewatermark. The terms End-User(s) and End-User Player Application 195 areused throughout this to mean through the use or running-on an End-UserDevice(s) 109.

6. Transmission Infrastructures 107

The Secure Digital Content Electronic Distribution System 100 isindependent of the transmission network connecting the ElectronicDigital Content Store(s) 103 and End-User Device(s) 109. It supportsboth point-to-point such as the Internet and broadcast distributionmodels such as digital broadcast television.

Even though the same tools and applications are used to acquire,package, and track Content 113 transactions over various TransmissionInfrastructures 107, the presentation and method in which services aredelivered to the customer may vary depending on the infrastructure anddistribution model selected. The quality of the Content 113 beingtransferred may also vary since high bandwidth infrastructures candeliver high-quality digital content at more acceptable response timesthan lower bandwidth infrastructures. A service application designed fora point-to-point distribution model can be adapted to support abroadcast distribution model as well.

C. System Uses

The Secure Digital Content Electronic Distribution System 100 enablesthe secure delivery of high-quality, electronic copies of Content 113 toEnd-User Device(s) 109, whether consumer or business, and to regulateand track usage of the Content 113.

The Secure Digital Content Electronic Distribution System 100 could bedeployed in a variety of consumer and business-to-business servicesusing both new and existing distribution channels. Each particularservice could use a different financial model that can be enforcedthrough the rights management features of the Secure Digital ContentElectronic Distribution System 100. Models such as wholesale or retailpurchase, pay-per-listen usage, subscription services, copy/no-copyrestrictions, or redistribution could be implemented through the rightsmanagement of the Clearinghouse(s) 105 and the End-User PlayerApplication 195 copy protection features.

The Secure Digital Content Electronic Distribution System 100 allowsElectronic Digital Content Store(s) 103 and Intermediate Market Partnersa great deal of flexibility in creating services that sell Content 113.At the same time it provides Content Provider(s) 101 a level ofassurance that their digital assets are protected and metered so thatthey can receive appropriate compensation for the licensing of Content113.

II. Cryptography Concepts and Their Application to the Secure DigitalContent Electronic Distribution System

License Control in the Secure Digital Content Electronic DistributionSystem 100 is based on the use of cryptography. This section introducesbasic cryptography technologies of the present invention. The use ofpublic key encryption, symmetric key encryption, digital signatures,digital watermarks and digital certificates is known.

A. Symmetric Algorithms

In the Secure Digital Content Electronic Distribution System 100 theContent Provider(s) 101 encrypts the content using symmetric algorithms.They are called symmetric algorithms because the same key is used toencrypt and decrypt data. The data sender and the message recipient mustshare the key. The shared key is referred to here as the symmetric key.The Secure Digital Content Electronic Distribution System 100architecture is independent of the specific symmetric algorithm selectedfor a particular implementation.

Common symmetric algorithms are DES, RC2 and RC4. Both DES and RC2 areblock cipher. A block cipher encrypts the data using a block of databits at a time. DES is an official US government encryption standard,has a 64-bit block size, and uses a 56-bit key. Triple-DES is commonlyused to increase the security achieved with simple DES. RSA DataSecurity designed RC2. RC2 uses a variable-key-size cipher and has ablock size of 64 bits. RC4, also designed by RSA Data Security, is avariable-key-size stream cipher. A stream cipher operates on a singledatabit at a time. RSA Data Security claims that eight to sixteenmachine operations are required for RC4 per output byte.

IBM designed a fast algorithm called SEAL. SEAL is a stream algorithmthat uses a variable-length key and that has been optimized for 32-bitprocessors. SEAL requires about five elementary machine instructions perdata byte. A 50 MHZ, 486-based computer runs the SEAL code at 7.2megabytes/second if the 160-bit key used has already been preprocessedinto internal tables.

Microsoft reports results of encryption performance benchmark in itsOverview of CryptoAPI document. These results were obtained by anapplication using Microsoft's CryptoAPI, running on a 120-MHZ,Pentium-based computer with Windows NT 4.0.

Cipher Key Size Key Setup Time Encryption Speed DES 56 460 1,138,519 RC240 40 286,888 RC4 40 151 2,377,723B. Public Key Algorithms

In the Secure Digital Content Electronic Distribution System 100,symmetric keys and other small data pieces are encrypted using publickeys. Public key algorithms use two keys. The two keys aremathematically related so that data encrypted with one key can only bedecrypted with the other key. The owner of the keys keeps one keyprivate (private key) and publicly distributes the second key (publickey).

To secure the transmission of a confidential message using a public keyalgorithm, one must use the recipient's public key to encrypt themessage. Only the recipient, who has the associated private key, candecrypt the message. Public key algorithms are also used to generatedigital signatures. The private key is used for that purpose. Thefollowing section provides information on digital signatures.

The most common used public-key algorithm is the RSA public-key cipher.It has become the de-facto public key standard in the industry. Otheralgorithms that also work well for encryption and digital signatures areElGamal and Rabin. RSA is a variable-key length cipher.

Symmetric key algorithms are much faster than the public key algorithms.In software, DES is generally at least 100 times as fast as RSA. Becauseof this, RSA is not used to encrypt bulk data. RSA Data Security reportsthat on a 90 MHZ Pentium machine, RSA Data Security's toolkit BSAFE 3.0has a throughput for private-key operations (encryption or decryption,using the private key) of 21.6 kilobits/second with a 512-bit modulusand 7.4 kilobits/second with a 1024-bit modulus.

C. Digital Signature

In the Secure Digital Content Electronic Distribution System 100, theissuer of SC(s) protects the integrity of SC(s) by digitally signing it.In general, to create a digital signature of a message, a message ownerfirst computes the message digest (defined below) and then encrypt themessage digest using the owner's private key. The message is distributedwith its signature. Any recipient of the message can verify the digitalsignature first by decrypting the signature using the public key of themessage owner to recover the message digest. Then, the recipientcomputes the digest of the received message and compares it with therecovered one. If the message has not being altered during distribution,the calculated digest and recovered digest must be equal.

In the Secure Digital Content Electronic Distribution System 100, sinceSC(s) contain several data parts, a digest is calculated for each partand a summary digest is calculated for the concatenated part digests.The summary digest is encrypted using the private key of the issuer ofthe SC(s). The encrypted summary digest is the issuer's digitalsignature for the SC(s). The part digests and the digital signature areincluded in the body of the SC(s). The recipients of SC(s) can verifythe integrity of the SC(s) and its parts by means of the receiveddigital signature and part digests.

A one-way hash algorithm is used to calculate a message digest. A hashalgorithm takes a variable-length-input message and converts it into afixed length string, the message digest. A one-way hash algorithmoperates only in one direction. That is, it is easy to calculate thedigest for an input message, but it is very difficult (computationallyinfeasible) to generate the input message from its digest. Because ofthe properties of the one-way hash functions, one can think of a messagedigest as a fingerprint of the message.

The more common one-way hash functions are MD5 from RSA Data Securityand SHA designed by the US National Institute of Technology andStandards (NITS).

D. Digital Certificates

A digital certificate is used to authenticate or verify the identity ofa person or entity that has sent a digitally signed message. Acertificate is a digital document issued by a certification authoritythat binds a public key to a person or entity. The certificate includesthe public key, the name of the person or entity, an expiration date,the name of the certification authority, and other information. Thecertificate also contains the digital signature of the certificationauthority.

When an entity (or person) sends a message signed with its private keyand accompanied with its digital certificate, the recipient of themessage uses the entity's name from the certificate to decide whether ornot to accept the message.

In the Secure Digital Content Electronic Distribution System 100, everySC(s), except those issued by the End-User Device(s) 109, includes thecertificate of the creator of the SC(s). The End-User Device(s) 109 donot need to include certificates in their SC(s) because many End-User(s)do not bother to acquire a certificate or have certificates issued bynon bona-fide Certification Authorities. In the Secure Digital ContentElectronic Distribution System 100, the Clearinghouse(s) 105 has theoption of issuing certificates to the Electronic Digital ContentStore(s) 103. This allows the End-User Device(s) 109 to independentlyverify that the Electronic Digital Content Store(s) 103 have beenauthorized by the Secure Digital Content Electronic Distribution System100.

E. Guide to the SC(s) Graphical Representation

This document uses a drawing to graphically represent SC(s) that showsencrypted parts, non-encrypted parts, the encryption keys, andcertificates. Referring now to FIG. 2 is an example drawing of SC(s)200. The following symbols are used in the SC(s) figures. Key 201 is apublic or private key. The teeth of the key e.g. CLRNGH forClearinghouse indicate the key owner. PB inside the handle indicatesthat it is a public key thus key 201 is a Clearinghouse public key. PVinside the handle indicates that it is a private key. Diamond shape isan End-User Digital Signature 202. The initials indicate which privatekey was used to create the signature thus in EU is the End-User(s)digital signature from table below. Symmetric key 203 is used to encryptcontent. An encrypted symmetric key object 204 comprising a symmetrickey 203 encrypted with a PB of CLRNGH. The key on the top border of therectangle is the key used in the encryption of the object. The symbol ortext inside the rectangle indicates the encrypted object (a symmetrickey in this case). Another encrypted object, in this example aTransaction ID encrypted object 205 is shown. And Usage Conditions 206for content licensing management as described below. The SC(s) 200comprises Usage Conditions 206, Transaction ID encrypted object 205, anApplication ID encrypted object 207, and encrypted symmetric key object204, all signed with an End-User Digital Signature 202.

The table below shows the initials that identify the signer of SC(s).

Initial Component CP Content Provider(s) 101 MS Electronic DigitalContent Store(s) 103 HS Content Hosting Site(s) 111 EU End-UserDevice(s) 109 CH Clearinghouse(s) 105 CA certification authority(ies)(not shown)F. Example of a Secure Container Encryption

The tables and diagrams below provide an overview of the encryption anddecryption process used to create and recover information from SC(s).The SC(s) that is created and decrypted in this process overview is ageneral SC(s). It does not represent any of the specific SC(s) typesused for rights management in the Secure Digital Content ElectronicDistribution System 100. The process consists of the steps described inFIG. 3 for encryption process.

Process Flow for Encryption Process of FIG. 3

Step Process

-   301 Sender generates a random symmetric key and uses it to encrypt    the content.-   302 Sender runs the encrypted content through a hash algorithm to    produce the content digest.-   303 Sender encrypts the symmetric key using the recipient's public    key. PB RECPNT refers to the recipient's public key.-   304 Sender runs the encrypted symmetric key through the same hash    algorithm used in step 2 to produce the symmetric key digest.-   305 Sender runs the concatenation of the content digest and    symmetric key digest through the same hash algorithm used in step 2    to produce the SC(s) digest.-   306 Sender encrypts the SC(s) digest with the sender's private key    to produce the digital signature for the SC(s). PV SENDER refers to    the sender's private key.-   307B Sender creates a SC(s) file that includes the encrypted    content, encrypted symmetric key, content digest, symmetric key    digest, sender's certificate, and SC(s) signature.-   307A Sender must have obtained the certificate from a certification    authority prior to initiating secure communications. The    certification authority includes in the certificate the sender's    public key, the sender's name and signs it. PV CAUTHR refers to the    certifications authority's private key. Sender transmits the SC(s)    to the recipient.    Process Flow for Decryption Process of FIG. 4    Step Process-   408 Recipient receives the SC(s) and separates its parts.-   409 Recipient verifies the digital signature in the sender's    certificate by decrypting it with the public key of the    certification authority. If the certificate's digital signature is    valid, recipient acquires the sender's public key from the    certificate.-   410 Recipient decrypts the SC(s) digital signature using the    sender's public key. This recovers the SC(s) digest. PB SENDER    refers to the sender's public key.-   411 Recipient runs the concatenation of the received content digest    and encrypted key digest through the same hash algorithm used by the    sender to compute the SC(s) digest.-   412 Recipient compares the computed SC(s) digest with the one    recovered from the sender's digital signature. If they are the same,    recipient confirms that the received digests have not been altered    and continues with the decryption process. If they are not the same,    recipient discards the SC(s) and notifies the sender.-   413 Recipient runs the encrypted symmetric key through the same hash    algorithm used in step 411 to compute the symmetric key digest.-   414 Recipient compares the computed symmetric key digest with the    one received in the SC(s). If it is the same, recipient knows that    the encrypted symmetric key has not been altered. Recipient    continues with the decryption process. If not valid, recipient    discards the SC(s) and notifies the sender.-   415 Recipient runs the encrypted content through the same hash    algorithm used in step 411 to compute the content digest.-   416 Recipient compares the computed content digest with the one    received in the SC(s). If it is the same, recipient knows that the    encrypted content has not been altered. Recipient then continues    with the decryption process. If not valid, recipient discards the    SC(s) and notifies the sender.-   417 Recipient decrypts the encrypted symmetric key using the    recipient's private key. This recovers the symmetric key. PV RECPNT    refers to the recipient's private key.-   418 Recipient uses the symmetric key to decrypt the encrypted    content. This recovers the content.

III. Secure Digital Content Electronic Distribution System Flow

The Secure Electronic Digital Content Distribution System 100, consistsof several components that are used by the different participants of thesystem. These participants include the Content Provider(s) 101,Electronic Digital Content Store(s) 103, End-User(s) via End-UserDevice(s) 109 and the Clearinghouse(s) 105. A high level system flow isused as an overview of the Secure Digital Content ElectronicDistribution System 100. This flow outlined below tracks Content as itflows throughout the System 100. Additionally it outlines the steps usedby the participants to conduct the transactions for the purchase,unlocking and use of the Content 113. Some of the assumptions made inthe system flow include:

-   This is a system flow for a Digital Content service (Point-to-Point    Interface to a PC).-   Content Provider(s) 101 submits audio Digital Content in PCM    uncompressed format (as a music audio example).-   Content Provider(s) 101 has metadata in an ODBC compliant database    or Content Provider(s) 101 will enter the data directly into the    Content Information Processing Subsystem, or will have provided data    in prescribed ASCII file format(s).-   Financial settlement is done by the Electronic Digital Content    Store(s).-   Content 113 is hosted at a single Content Hosting Site(s) 111.

It should be understood by those skilled in the art that theseassumptions can be altered to accommodate the exact nature of theDigital Content e.g. music, video and program and electronicdistribution systems broadcast.

The following process flow in illustrated in FIG. 1.

Step Process

-   121 A uncompressed PCM audio file is provided as Content 113 by the    Content Provider(s) 101. Its filename is input into the Work Flow    Manager 154 Tool along with the Content Provider(s)' 101 unique    identifier for the Content 113.-   122 Metadata is captured from the Content Provider(s)' Database 160    by the Content Information Processing Subsystem using the Content    Provider(s)' 101 unique identifier for the Content 113 and    information provided by the Database Mapping Template.-   123 The Work Flow Manager Tool 154 is used to direct the content    flow through the acquisition and preparation process at the Content    Provider(s) 101. It can also be used to track the status of any    piece of content in the system at any time.-   124 The Usage Conditions for the Content 113 are entered into the    Content Information Processing Subsystem, this can be done either    manually or automatically. This data includes copy restriction rules    and any other business rules deemed necessary. All of the metadata    entry can occur in parallel with the Audio Processing for the data.-   125 The Watermarking Tool is used to hide data in the Content 113    that the Content Provider(s) 101 deems necessary to identify the    content. This could include when it was captured, where it came from    (this Content Provider(s) 101), or any other information specified    by the Content Provider(s) 101.    -   The Content Processing Tool 125 performs equalization, dynamics        adjustments and re-sampling to the Content 113 as necessary for        the different compression levels supported.    -   The Content 113 is compressed using the Content Processing Tool        125 to the desired compression levels. The Content 113 can then        be played back to verify that the compression produces the        required level of Content 113 quality. If necessary the        equalization, dynamics adjustments, compression and playback        quality checks can be performed as many times as desired.    -   The Content 113 and a subset of its metadata is encrypted with a        Symmetric Key by the SC Packer. This tool then encrypts the key        using the Public Key of the Clearinghouse(s) 105 to produce an        Encrypted Symmetric Key. This key can be transmitted anywhere        without comprising the security of the Content 113 since the        only entity that can decrypt it is the Clearinghouse(s) 105.-   126 The Encrypted Symmetric Key, metadata and other information    about the Content 113 is then packed into a Metadata SC by the SC    Packer Tool 152.-   127 The encrypted Content 113 and metadata are then packed into a    Content SC. At this point the processing on the Content 113 and    metadata is complete.-   128 The Metadata SC(s) is then sent to the Content Promotions Web    Site 156 using the Content Disbursement Tool (not shown).-   129 The Content Disbursement Tool sends the Content SC(s) to the    Content Hosting Site(s) 111. The Content Hosting Site(s) can reside    at the Content Provider(s) 101, the Clearinghouse(s) 105 or a    special location dedicated for Content Hosting. The URL for this    site is part of the metadata that was added to the Metadata SC.-   130 The Content Promotions Web Site 156 notifies Electronic Digital    Content Store(s) 103 of new Content 113 that is added to the System    100.-   131 Using the Content Acquisition Tool, Electronic Digital Content    Store(s) 103 then download the Metadata SCs that correspond to the    Content 113 they wish to sell.-   132 The Electronic Digital Content Store(s) 103 will use the Content    Acquisition Tool to pull out any data from the Metadata SC(s) that    they want to use to promote the Content 113 on their Web Site.    Access to portions of this metadata can be secured and charged for    if desired.-   133 The Usage Conditions for the Content 113, specific to this    Electronic Digital Content Store(s) 103, are entered using the    Content Acquisition Tool. These Usage Conditions include the retail    prices and copy/play restrictions for the different compression    levels of the Content 113.-   134 The Electronic Digital Content Store(s) 103 specific Usage    Conditions and the original Metadata SC(s) are packed into an Offer    SC by the SC Packer Tool.-   135 After the Electronic Digital Content Store(s) 103 Web Site is    updated, the Content 113 is available to End-User(s) surfing the    Web.-   136 When an End-User(s) finds Content 113 that they want to buy,    they click on a content icon, such as a music icon, and the item is    added to his/her shopping cart which is maintained by the Electronic    Digital Content Store(s) 103. When the End-User(s) completes    shopping they submit the purchase request to the Electronic Digital    Content Store(s) 103 for processing.-   137 The Electronic Digital Content Store(s) 103 then interacts with    credit card clearing organizations to place a hold on the funds in    the same way they do business today.-   138 Once the Electronic Digital Content Store(s) 103 receives the    credit card authorization number back from the credit card clearing    organization, it stores this into a database and invokes the SC    Packer Tool to build a Transaction SC. This Transaction SC includes    all of the Offer SCs for the Content 113 that the End-User(s) has    purchased, a Transaction ID that can be tracked back to the    Electronic Digital Content Store(s) 103, information that identifies    the End-User(s), compression levels, Usage Conditions and the price    list for the songs purchased.-   139 This Transaction SC is then transmitted to the End-User    Device(s) 109.-   140 When the Transaction SC arrives on the End-User Device(s) 109,    it kicks off the End-User Player Application 195 which opens the    Transaction SC and acknowledges the End-User's purchase. The    End-User Player Application 195 then opens the individual Offer SCs    and in an alternate embodiment, may inform the user with an estimate    of the download time. It then asks the user to specify when they    want to download the Content 113.-   141 Based on the time the End-User(s) requested the download, the    End-User Player Application 195 will wakeup and initiate the start    of the download process by building a Order SC that contains among    other things the Encrypted Symmetric Key for the Content 113, the    Transaction ID, and End-User(s) information.-   142 This Order SC is then sent to the Clearinghouse(s) 105 for    processing.-   143 The Clearinghouse(s) 105 receives the Order SC, opens it and    verifies that none of the data has been tampered with. The    Clearinghouse(s) 105 validates the Usage Conditions purchased by the    End-User(s). These Usage Conditions must comply with those specified    by the Content Provider(s) 101. This information is logged in a    database.-   144 Once all the checks are complete, the Encrypted Symmetric Key is    decrypted using the private key of the Clearinghouse(s) 105. The    Symmetric Key is then encrypted using the public key of the    End-User(s). This new Encrypted Symmetric Key is then packaged into    a License SC by the SC Packer.-   145 The License SC is then transmitted to the End-User(s).-   146 When the License SC is received at the End-User Device(s) 109 it    is stored in memory until the Content SC is downloaded.-   147 The End-User Device(s) 109 request from the Content Hosting    Facility 111, sending the corresponding License SC for the purchased    Content 113.-   148 Content 113 is sent to the End-User Device(s) 109. Upon the    receipt the Content 113 is de-encrypted by the End-User Device(s)    109 using the Symmetric Key.

IV. Rights Management Architecture Model

A. Architecture Layer Functions

FIG. 5 is a block diagram of the Rights Management Architecture of theSecure Digital Content Electronic Distribution System 100.Architecturally, four layers represent the Secure Digital ContentElectronic Distribution System 100: the License Control Layer 501, theContent Identification Layer 503, Content Usage Control Layer 505, andthe Content Formatting Layer 507. The overall functional objective ofeach layer and the individual key functions for each layer are describedin this section. The functions in each of the layers are fairlyindependent of the functions in the other layers. Within broadlimitations, functions in a layer can be substituted with similarfunctions without affecting the functionality of the other layers.Obviously, it is required that the output from one layer satisfiesformat and semantics acceptable to the adjacent layer.

The License Control Layer 501 ensures that:

-   the Digital Content is protected during distribution against illegal    interception and tampering;-   the Content 113 originates from a rightful content owner and is    distributed by a licensed distributor, e.g. Electronic Digital    Content Store(s) 103;-   the Digital Content purchaser has a properly licensed application;-   the distributor is paid by the purchaser before a copy of the    Content 113 is made available to the purchaser or End-User(s); and-   a record of the transaction is kept for reporting purposes.

The Content Identification Layer 503 allows for the verification of thecopyright and the identity of the content purchaser. The content'scopyright information and identity of the content purchaser enables thesource tracking of any, authorized or not, copy of the Content 113.Thus, the Content Identification Layer 503 provides a means to combatpiracy.

The Content Usage Control Layer 505 ensures that the copy of the Content113 is used in the purchaser's device according to the Store UsageConditions 519. The Store Usage Conditions 519 may specify the number ofplays and local copies allowed for the Content 113, and whether or notthe Content 113 maybe recorded to an external portable device. Thefunctions in the Content Usage Control Layer 505 keep track of thecontent's copy/play usage and update the copy/play status.

The Content Formatting Layer 507 allows for the format conversion of theContent 113 from its native representation in the content owner'sfacilities into a form that is consistent with the service features anddistribution means of the Secure Digital Content Electronic DistributionSystem 100. The conversion processing may include compression encodingand its associated preprocessing, such as frequency equalization andamplitude dynamic adjustment. For Content 113 which is audio, at thepurchaser's side, the received Content 113 also needs to be processed toachieve a format appropriate for playback or transfer to a portabledevice.

B. Function Partitioning and Flows

The Rights Management Architectural Model is shown in FIG. 5 and thisillustrates the mapping of the architectural layers to the operatingcomponents making up the Secure Digital Content Electronic DistributionSystem 100 and the key functions in each layer.

1. Content Formatting Layer 507

The general functions associated with the Content Formatting Layer 507are Content Preprocessing 502 and Compression 511 at the ContentProvider(s) 101, and Content De-scrambling 513 and Decompression 515 atthe End-User Device(s) 109. The need for preprocessing and the examplesof specific functions were mentioned above. Content Compression 511 isused to reduce the file size of the Content 113 and its transmissiontime. Any compression algorithm appropriate for the type of Content 113and transmission medium can be used in the Secure Digital ContentElectronic Distribution System 100. For music, MPEG½/4, DolbyAC-2 andAC-3, Sony Adaptive Transform Coding (ATRAC), and low-bit ratealgorithms are some of the typically used compression algorithms. TheContent 113 is stored in the End-User Device(s) 109 in compressed formto reduce the storage size requirement. It is decompressed during activeplayback. De-scrambling is also performed during active playback. Thepurpose and type of scrambling will be described later during thediscussion of the Content Usage Control Layer 505.

2. Content Usage Control Layer 505

The Content Usage Control Layer 505 permits the specification andenforcement of the conditions or restrictions imposed on the use ofContent 113 use at the End-User Device(s) 109. The conditions mayspecify the number of plays allowed for the Content 113, whether or nota secondary copy of the Content 113 is allowed, the number of secondarycopies, and whether or not the Content 113 maybe copied to an externalportable device. The Content Provider(s) 101 sets the allowable UsageConditions 517 and transmits them to the Electronic Digital ContentStore(s) 103 in a SC (see the License Control Layer 501 section). TheElectronic Digital Content Store(s) 103 can add to or narrow the UsageConditions 517 as long as it doesn't invalidate the original conditionsset by the Content Provider(s) 101. The Electronic Digital ContentStore(s) 103 then transmits all Store Usage Conditions 519 (in a SC) tothe End-User Device(s) 109 and the Clearinghouse(s) 105. TheClearinghouse(s) 105 perform Usage Conditions Validation 521 beforeauthorizing the Content 113 release to an End-User Device(s) 109.

The enforcement of the content Usage Conditions 517 is performed by theContent Usage Control Layer 505 in the End-User Device(s) 109. First,upon reception of the Content 113 copy from the Content IdentificationLayer 503 in the End-User Device(s) 109 marks the Content 113 with aCopy/Play Code 523 representing the initial copy/play permission.Second, the Player Application 195 cryptographically scrambles theContent 113 before storing it in the End-User Device(s) 109. The PlayerApplication 195 generates a scrambling key for each Content item, andthe key is encrypted and hidden in the End-User Device(s) 109. Then,every time the End-User Device(s) 109 accesses the Content 113 for copyor play, the End-User Device(s) 109 verifies the copy/play code beforeallowing the de-scrambling of the Content 113 and the execution of theplay or copy. The End-User Device(s) 109 also appropriately updates thecopy/play code in the original copy of the Content 113 and on any newsecondary copy. The copy/play coding is performed on Content 113 thathas been compressed. That is, there is no need to decompress the Content113 before the embedding of the copy/play code.

The End-User Device(s) 109 uses a License Watermark 527 to embed thecopy/play code within the Content 113. Only the End-User PlayerApplication 195 that is knowledgeable of the embedding algorithm and theassociated scrambling key is able to read or modify the embedded data.The data is invisible or inaudible to a human observer; that is, thedata introduces no perceivable degradation to the Content 113. Since thewatermark survives several steps of content processing, datacompression, D-to-A and A-to-D conversion, and signal degradationintroduced by normal content handling, the watermark stays with theContent 113 in any representation form, including analog representation.In an alternate embodiment, instead of using a License Watermark 527 toembed the copy/play code within the Content 113, the End-User PlayerApplication 195 uses securely stored Usage Conditions 519.

3. Content Identification Layer 503

As part of the Content Identification Layer 503, the Content Provider(s)101 also uses a License Watermark 527 to embed data in the Content 113such as to the content identifier, content owner and other information,such as publication date and geographic distribution region. Thiswatermark is referred to here as the Copyright Watermark 529. Uponreception, the End-User Device(s) 109 watermarks the copy of the Content113 with the content purchaser's name and the Transaction ID 535 (seethe License Control Layer 501 section below), and with other informationsuch as date of license and Usage Conditions 517. This watermark isreferred to here as the license watermark. Any copy of Content 113,obtained in an authorized manner or not, and subject to audio processingthat preserves the content quality, carries the copyright and licensewatermarks. The Content Identification Layer 503 deters piracy.

4. License Control Layer 501

The License Control Layer 501 protects the Content 113 againstunauthorized interception and ensures that the Content is only releasedon an individual basis to an End-User(s) that has properly licensedEnd-User Device(s) 109 and successfully completes a license purchasetransaction with an authorized Electronic Digital Content Store(s) 103.The License Control Layer 501 protects the Content 113 by doubleEncryption 531. The Content 113 is encrypted using an encryptionsymmetric key generated by the Content Provider(s) 101, and thesymmetric key is encrypted using the public key 621 of theClearinghouse(s). Only the Clearinghouse(s) 105 can initially recoverthe symmetric key.

License control is designed with the Clearinghouse(s) 105 as the“trusted party”. Before releasing permission for the License Request537, (i.e. the Symmetric Key 623 for the Content 113 to an End-UserDevice(s) 109), the Clearinghouse(s) 105 verifies that the Transaction541 and the License Authorization 543 are complete and authentic, thatthe Electronic Digital Content Store(s) 103 has authorization from theSecure Digital Content Electronic Distribution System 100 for the saleof electronic Content 113, and that the End-User(s) has a properlylicensed application. Audit/Reporting 545 allows the generation ofreports and the sharing of licensing transaction information with otherauthorized parties in the Secure Electronic Digital Content DistributionSystem 100

License control is implemented through SC Processing 533. SC(s) are usedto distribute encrypted Content 113 and information among the systemoperation components (more about the SC(s) detailed structure sectionsbelow). A SC is cryptographic carrier of information that usescryptographic encryption, digital signatures and digital certificates toprovide protection against unauthorized interception and modification ofthe electronic information or Content 113. It also allows for theauthenticity verification of the electronic data.

License control requires that the Content Provider(s) 101, theElectronic Digital Content Store(s) 103, and the Clearinghouse(s) 105have bona-fide cryptographic digital certificates from reputableCertificate Authorities that are used to authenticate those components.The End-User Device(s) 109 are not required to have digitalcertificates.

C. Content Distribution and Licensing Control

FIG. 6 is a block diagram illustrating an overview of the ContentDistribution and Licensing Control as it applies to the License ControlLayer of FIG. 5. The figure depicts the case in which the ElectronicDigital Content Store(s) 103, End-User Device(s) 109 and theClearinghouse(s) 105 are interconnected via the Internet, and unicast(point-to-point) transmission is used among those components. Thecommunication between the Content Provider(s) 101 and the ElectronicDigital Content Store(s) 103 could also be over the Internet or othernetwork. It is assumed that the Content-purchase commercial transactionbetween the End-User Device(s) 109 and the Electronic Digital ContentStore(s) 103 is based on standard Internet Web protocols. As part of theWeb-based interaction, the End-User(s) makes the selection of theContent 113 to purchase, provides personal and financial information,and agrees to the conditions of purchase. The Electronic Digital ContentStore(s) 103 could obtain payment authorization from an acquirerinstitution using a protocol such as SET.

It is also assumed in FIG. 6 that the Electronic Digital ContentStore(s) 103 has downloaded the End-User Player Application 195 to anEnd-User Device(s) 109 based on standard Web protocols. The architecturerequires that the Electronic Digital Content Store(s) 103 assigns aunique application ID to the downloaded Player Application 195 and thatthe End-User Device(s) 109 stores it for later application licenseverification (see below).

The overall licensing flow starts at the Content Provider(s) 101. TheContent Provider(s) 101 encrypts the Content 113 using an encryptionsymmetric key locally generated, and encrypts the Symmetric Key 623using the Clearinghouse's 105 public key 621. In an alternateembodiment, the symmetric key instead of being locally generated my besent to the Content Provider(s) 101 from the Clearinghouse(s) 105. TheContent Provider(s) 101 creates a Content SC(s) 630 around the encryptedContent 113, and a Metadata SC(s) 620 around the encrypted Symmetric Key623, Store Usage Conditions 519, and other Content 113 associatedinformation. There is one Metadata SC(s) 620 and one Content SC(s) 630for every Content 113 object. The Content 113 object maybe a compressionlevel one same song or the Content 113 object may be each song on thealbum or the Content 113 object maybe the entire album. For each Content113 object, the Metadata SC(s) 620 also carries the Store UsageConditions 519 associated with the Content Usage Control Layer 505.

The Content Provider(s) 101 distributes the Metadata SC(s) 620 to one ormore Electronic Digital Content Store(s) 103 (step 601) and the ContentSC(s) 630 to one or more Content Hosting Sites (step 602). EachElectronic Digital Content Store(s) 103, in turn creates an Offer SC(s)641. The Offer SC(s) 641 typically carries much of the same informationas the Metadata SC(s) 620, including the Digital Signature 624 of theContent Provider(s) 101 and the Certificate (not shown of the ContentProvider(s) 101. As mentioned above, the Electronic Digital ContentStore(s) 103 can add to or narrow the Store Usage Conditions 519(handled by the Control Usage Control Layer) initially defined by theContent Provider(s) 101. Optionally, the Content SC(s) 630 and/or theMetadata SC(s) 620 is signed with a Digital Signature 624 of the ContentProvider(s) 101.

After the completion of the Content-purchase transaction between theEnd-User Device(s) 109 and the Electronic Digital Content Store(s) 103(step 603), the Electronic Digital Content Store(s) 103 creates andtransfers to the End-User Device(s) 109 a Transaction SC(s) 640 (step604). The Transaction SC(s) 640 includes a unique Transaction ID 535,the purchaser's name (i.e. End-User(s)') (not shown), the Public Key 661of the End-User Device(s) 109, and the Offer SC(s) 641 associated withthe purchased Content 113. Transaction Data 642 in FIG. 6 representsboth the Transaction ID 535 and the End-User(s) name (not shown). TheTransaction Data 642 is encrypted with the Public Key 621 of theClearinghouse(s) 105. Optionally, the Transaction SC(s) 640 is signedwith a Digital Signature 643 of the Electronic Digital Content Store(s)103.

Upon reception of the Transaction SC(s) 640 (and the Offer SC(s) 641included in it), the End-User Player Application 195 running on End-UserDevice(s) 109 solicits license authorization from the Clearinghouse(s)105 by means of an Order SC(s) 650 (step 605). The Order SC(s) 650includes the encrypted Symmetric Key 623 and Store Usage Conditions 519from the Offer SC(s) 641, the encrypted Transaction Data 642 from theTransaction SC(s) 640, and the encrypted Application ID 551 from theEnd-User Device(s) 109. In another embodiment, the Order SC(s) 650 issigned with a Digital Signature 652 of the End-User Device(s) 109.

Upon reception of the Order SC(s) 650 from the End-User Device(s) 109,the Clearinghouse(s) 105 verifies:

-   1. that the Electronic Digital Content Store(s) 103 has    authorization from the Secure Digital Content Electronic    Distribution System 100 (exists in the Database 160 of the    Clearinghouse(s) 105);-   2. that the Order SC(s) 650 has not been altered;-   3. that the Transaction Data 642 and Symmetric Key 623 are complete    and authentic;-   4. that the electronic Store Usage Conditions 519 purchased by the    End-User Device(s) 109 are consistent with those Usage Conditions    517 set by the Content Provider(s) 101; and-   5. that the Application ID 551 has a valid structure and that it was    provided by an authorized Electronic Digital Content Store(s) 103.

If the verifications are successful, the Clearinghouse(s) 105 decryptsthe Symmetric Key 623 and the Transaction Data 642 and builds andtransfers the License SC(s) 660 to the End-User Device(s) 109 (step606). The License SC(s) 660 carries the Symmetric Key 623 and theTransaction Data 642, both encrypted using the Public Key 661 of theEnd-User Device(s) 109. If any verification is not successful, theClearinghouse(s) 105 denies the license to the End-User Device(s) 109and informs the End-User Device(s) 109. The Clearinghouse(s) 105 alsoimmediately informs the Electronic Digital Content Store(s) 103 of thisverification failure. In an alternate embodiment, the Clearinghouse(s)105 signs the License SC(s) 660 with its Digital Signature 663.

After receiving the License SC(s) 660, the End-User Device(s) 109decrypts the Symmetric Key 623 and the Transaction Data 642 previouslyreceived from the Clearinghouse(s) 105 and requests the Content SC(s)630 (step 607) from a Content Hosting Site(s) 111. Upon arrival of theContent SC(s) 630 (step 608), the End-User Device(s) 109 decrypts theContent 113 using the Symmetric Key 623 (step 609), and passes theContent 113 and the Transaction Data 642 to the other layers for licensewatermarking, copy/play coding, scrambling, and further Content 113processing as described previously for FIG. 5.

Finally, the Clearinghouse(s) 105 on a periodic basis transmits summarytransaction reports to the Content Provider(s) 101 and the ElectronicDigital Content Store(s) 103 for auditing and tracking purposes (step610).

V. Secure Container Structure

A. General Structure

A Secure Container (SC) is a structure that consists of several partswhich together define a unit of Content 113 or a portion of atransaction, and which also define related information such as UsageConditions, metadata, and encryption methods. SC(s) are designed in sucha way that the integrity, completeness, and authenticity of theinformation can be verified. Some of the information in SC(s) may beencrypted so that it can only be accessed after proper authorization hasbeen obtained.

SC(s) include at least one bill of materials (BOM) part which hasrecords of information about the SC(s) and about each of the partsincluded in the SC(s). A message digest is calculated, using a hashingalgorithm such as MD-5, for each part and then included in the BOMrecord for the part. The digests of the parts are concatenated togetherand another digest is computed from them and then encrypted using theprivate key of the entity creating the SC(s) to create a digitalsignature. Parties receiving the SC(s) can use the digital signature toverify all of the digests and thus validate the integrity andcompleteness of the SC(s) and all of its parts.

The following information maybe included as records in the BOM alongwith the records for each part. The SC(s) type determines which recordsneed to be included:

-   SC(s) version-   SC(s) ID-   Type of SC(s) (e.g. Offer, Order, Transaction, Content, Metadata or    promotional and License.)-   Publisher of the SC(s)-   Date that the SC(s) was created-   Expiration date of the SC(s)-   Clearinghouse(s) URL-   Description of the digest algorithm used for the included parts    (default is MD-5)-   Description of the algorithm used for the digital signature    encryption (default is RSA)-   Digital signature (encrypted digest of all of the concatenated    digests of the included parts)

SC(s) may include more than one BOM. For example, an Offer SC(s) 641consists of the original Metadata SC(s) 620 parts, including its BOM, aswell as additional information added by the Electronic Digital ContentStore(s) 103 and a new BOM. A record for the Metadata SC(s) 620 BOM isincluded in the Offer SC(s) 641 BOM. This record includes a digest forthe Metadata SC(s) 620 BOM which can be used to validate its integrityand therefore, the integrity of the parts included from the MetadataSC(s) 620 can also be validated using the part digest values stored inMetadata SC(s) 620 BOM. None of the parts from the Metadata SC(s) 620have records in the new BOM that was created for the Offer SC(s) 641.Only parts added by the Electronic Digital Content Store(s) 103 and theMetadata SC(s) 620 BOM have records in the new BOM.

SC(s) may also include a Key Description part. Key Description partsinclude records that contain the following information about encryptedparts in the SC(s):

-   The name of the encrypted part.-   The name to use for the part when it is decrypted.-   The encryption algorithm used to encrypt the part.-   Either a Key Identifier to indicate the public encryption key that    was used to encrypt the part or an encrypted symmetric key that,    when decrypted, is used to decrypt the encrypted part.-   The encryption algorithm used to encrypt the symmetric key. This    field is only present when the record in the Key Description part    includes an encrypted symmetric key that was used to encrypt the    encrypted part.-   A Key Identifier of the public encryption key that was used to    encrypt the symmetric key. This field is only present when the    record in the Key Description part includes an encrypted symmetric    key and the encryption algorithm identifier of the symmetric key    that was used to encrypt the encrypted part.

If the SC(s) does not contain any encrypted parts, then there is no KeyDescription part.

B. Rights Management Language Syntax and Semantics

The Rights Management Language consists of parameters that can beassigned values to define restrictions on the use of the Content 113 byan End-User(s) after the Content 113 purchase. The restrictions on theuse of the Content 113 is the Usage Conditions 517. Each ContentProvider(s) 101 specifies the Usage Conditions 517 for each of itsContent 113 items. Electronic Digital Content Store(s) 103 interpret theUsage Conditions 517 in Metadata SC(s) 620 and use the information toprovide select options they wish to offer their customers as well as addretail purchase information for the Content 113. After an End-User(s)has selected a Content 113 item for purchase, the End-User Device(s) 109requests authorization for the Content 113 based on Store UsageConditions 519. Before the Clearinghouse(s) 105 sends a License SC(s)660 to the End-User(s), the Clearinghouse(s) 105 verifies that the StoreUsage Conditions 519 being requested are in agreement with the allowableUsage Conditions 517 that were specified by the Content Provider(s) 101in the Metadata SC(s) 620.

When an End-User Device(s) 109 receives the Content 113 that waspurchased, the Store Usage Conditions 519 are encoded into that Content113 using the Watermarking Tool or encoded in the securely stored UsageConditions 519. The End-User Player Application 195 running on End-UserDevice(s) 109 insures that the Store Usage Conditions 519 that wereencoded into the Content 113 are enforced.

The following are examples of Store Usage Conditions 519 for anembodiment where the Content 113 is music:

-   Song is recordable.-   Song can be played n number of times.    C. Overview of Secure Container Flow and Processing

Metadata SC(s) 620 are built by Content Provider(s) 101 and are used todefine Content 113 items such as songs. The Content 113 itself is notincluded in these SC(s) because the size of the Content 113 is typicallytoo large for Electronic Digital Content Store(s) 103 and End-User(s) toefficiently download the containers just for the purpose of accessingthe descriptive metadata. Instead, the SC(s) includes an external URL(Uniform Resource Locators) to point to the Content 113. The SC(s) alsoincludes metadata that provides descriptive information about theContent 113 and any other associated data, such as for music, the CDcover art and/or digital audio clips in the case of song Content 113.

Electronic Digital Content Store(s) 103 download the Metadata SC(s) 620,for which they are authorized, and build Offer SC(s) 641. In short, anOffer SC(s) 641 consists of some of the parts and the BOM from theMetadata SC(s) 620 along with additional information included by theElectronic Digital Content Store(s) 103. Anew BOM for the Offer SC(s)641 is created when the Offer SC(s) 641 is built. Electronic DigitalContent Store(s) 103 also use the Metadata SC(s) 620 by extractingmetadata information from them to build HTML pages on their web sitesthat present descriptions of Content 113 to End-User(s), usually so theycan purchase the Content 113.

The information in the Offer SC(s) 641 that is added by the ElectronicDigital Content Store(s) 103 is typically to narrow the selection ofUsage Conditions 517 that are specified in the Metadata SC(s) 620 andpromotional data such as a graphic image file of the store's logo and aURL to the store's web site. An Offer SC(s) 641 template in the MetadataSC(s) 620 indicates which information can be overridden by theElectronic Digital Content Store(s) 103 in the Offer SC(s) 641 and what,if any, additional information is required by the Electronic DigitalContent Store(s) 103 and what parts are retained in the embeddedMetadata SC(s) 620.

Offer SC(s) 641 are included in a Transaction SC(s) 640 when anEnd-User(s) decides to purchase Content 113 from an Electronic DigitalContent Store(s) 103. The Electronic Digital Content Store(s) 103 buildsa Transaction SC(s) 640 and includes Offer SC(s) 641 for each Content113 item being purchased and transmits it to the End-User Device(s) 109.The End-User Device(s) 109 receives the Transaction SC(s) 640 andvalidates the integrity of the Transaction SC(s) 640 and the includedOffer SC(s) 641.

An Order SC(s) 650 is built by the End-User Device(s) 109 for eachContent 113 item being purchased. Information is included from the OfferSC(s) 641, from the Transaction SC(s) 640, and from the configurationfiles of the End-User Device(s) 109. Order SC(s) 650 are sent to theClearinghouse(s) 105 one at a time. The Clearinghouse(s) 105 URL wherethe Order SC(s) 650 is included as one of the records in the BOM for theMetadata SC(s) 620 and included again in the Offer SC(s) 641.

The Clearinghouse(s) 105 validates and processes Order SC(s) 650 toprovide the End-User Device(s) 109 with everything that is required to aLicense Watermark 527 and access purchased Content 113. One of thefunctions of the Clearinghouse(s) 105 is to decrypt the Symmetric Keys623 that are needed to decrypt the watermarking instructions from theOffer SC(s) 641 and the Content 113 from the Content SC(s) 630. Anencrypted Symmetric Key623 record actually contains more than the actualencrypted Symmetric Key 623. Before executing the encryption, theContent Provider(s) 101 may optionally append its name to the actualSymmetric Key 623. Having the Content Provider(s)' 101 name encryptedtogether with the Symmetric Key 623 provides security against a pirateContent Provider(s) 101 that has built its own Metadata SC(s) 620 andContent SC(s) 630 from legal SC(s). The Clearinghouse(s) 105 verifiesthat the name of the Content Provider(s) 101 encrypted together with theSymmetric Keys 623 matches the name of the Content Provider(s) 101 inthe SC(s) certificate.

If there are any changes required to be made to the watermarkinginstructions by the Clearinghouse(s) 105, then the Clearinghouse(s) 105decrypts the Symmetric Key 623 and then modifies the watermarkinginstructions and encrypts them again using a new Symmetric Key 623. TheSymmetric Key 623 is then re-encrypted using the Public Key 661 of theEnd-User Device(s) 109. The Clearinghouse(s) 105 also decrypts the otherSymmetric Keys 623 in the SC(s) and encrypts them again with the PublicKey 661 of the End-User Device(s) 109. The Clearinghouse(s) 105 builds aLicense SC(s) 660 that includes the newly encrypted Symmetric Keys 623and updated watermarking instructions and sends it to the End-UserDevice(s) 109 in response to the Order SC(s) 650. If the processing ofthe Order SC(s) 650 does not complete successfully, then theClearinghouse(s) 105 returns to the End-User Device(s) 109 an HTML pageor equivalent reporting the failure of the authorization process.

A License SC(s) 660 provides an End-User Device(s) 109 with everythingthat is needed to access a Content 113 item. The End-User Device(s) 109requests the appropriate Content SC(s) 630 from the Content HostingSite(s) 111. Content SC(s) 630 are built by Content Provider(s) 101 andinclude encrypted Content 113 and metadata parts. The End-User PlayerApplication 195 uses the Symmetric Keys 623 from the License SC(s) 660to decrypt the Content 113, metadata, and watermarking instructions. Thewatermarking instructions are then affixed into the Content 113 and theContent 113 is scrambled and stored on the End-User Device(s) 109.

D. Metadata Secure Container 620 Format

The following table shows the parts that are included in a MetadataSC(s) 620. Each box in the Parts column is a separate object included inthe SC(s) along with the BOM (with the exception of part names that aresurrounded by [ ] characters). The BOM contains a record for each partincluded in the SC(s). The Part Exists column indicates whether the partitself is actually included in the SC(s) and the Digest column indicateswhether a message digest is computed for the part. Some parts may not bepropagated when a SC(s) is included in other SC(s) (as determined by theassociated template), although the entire original BOM is propagated.This is done because the entire BOM is required by the Clearinghouse(s)105 to verify the digital signature in the original SC(s).

The Key Description Part columns of the following table define therecords that are included in the Key Description part of the SC(s).Records in the Key Description part define information about theencryption keys and algorithms that were used to encrypt parts withinthe SC(s) or parts within another SC(s). Each record includes theencrypted part name and, if necessary, a URL that points to anotherSC(s) that includes the encrypted part. The Result Name column definesthe name that is assigned to the part after it is decrypted. The EncryptAlg column defines the encryption algorithm that was used to encrypt thepart. The Key Id/Enc Key column defines either an identification of theencryption key that was used to encrypt the part or a base64 encoding ofthe encrypted Symmetric Key 623 bit string that was used to encrypt thepart. The Sym Key Alg column is an optional parameter that defines theencryption algorithm that was used to encrypt the Symmetric Key 623 whenthe previous column is an encrypted Symmetric Key 623. The Sym Key IDcolumn is an identification of the encryption key that was used toencrypt the Symmetric Key 623 when the Key Id/Enc Key column is anencrypted Symmetric Key 623.

BOM Key Description Part Parts Part Exists Digest Result Name EncryptAlg Key Id/Enc Key Sym Key Alg Sym Key ID [Content URL] Output Part RC4Enc Sym Key RSA CH Pub Key [Metadata URL] Output Part RC4 Enc Sym KeyRSA CH Pub Key SC Version SC ID SC Type SC Publisher Date ExpirationDate Clearinghouse(s) URL Digest Algorithm ID Digital Signature Alg IDContent ID Yes Yes Metadata Yes Yes Usage Conditions Yes Yes SCTemplates Yes Yes Watermarking Instructions Yes Yes Key Description PartYes Yes Output Part RC4 Enc Sym Key RSA CH Pub Key Clearinghouse(s)Certificate(s) Yes No Certificate(s) Yes No Digital Signature

The following describes the terms that are used in the above MetadataSC(s) table:

-   [Content URL]—A parameter in a record in the Key Description part.    This is a URL that points to the encrypted Content 113 in the    Content SC(s) 630 that is associated with this Metadata SC(s) 620.    The Metadata SC(s) 620 itself does not contain the encrypted Content    113.-   [Metadata URL]—A parameter in a record in the Key Description part.    This is a URL that points to the encrypted metadata in the Content    SC(s) 630 that is associated with this Metadata SC(s) 620. The    Metadata SC(s) 620 itself does not contain the encrypted metadata.-   Content ID—A part that defines a unique ID assigned to a Content 113    item. There is more than one Content ID included in this part if the    Metadata SC(s) 620 references more than one Content 113 item.-   Metadata—Parts that contain information related to a Content 113    item such as the artist name and CD cover art in the case of a song.    There may be multiple metadata parts, some of which maybe encrypted.    The internal structure of the metadata parts is dependent on the    type of metadata contained therein.-   Usage Conditions—Apart that contains information that describes    usage options, rules, and restrictions to be imposed on an    End-User(s) for use of the Content 113.-   SC(s) Templates—Parts that define templates that describe the    required and optional information for building the Offer, Order, and    License SC(s) 660.-   Watermarking Instructions—A part that contains the encrypted    instructions and parameters for implementing watermarking in the    Content 113. The watermarking instructions may be modified by the    Clearinghouse(s) 105 and returned back to the End-User Device(s) 109    within the License SC(s) 660. There is a record in the Key    Description part that defines the encryption algorithm that was used    to encrypt the watermarking instructions, the output part name to    use when the watermarking instructions are decrypted, a base64    encoding of the encrypted Symmetric Key 623 bit string that is was    used to encrypt the watermarking instructions, the encryption    algorithm that was used to encrypt the Symmetric Key 623, and the    identification of the public key that is required to decrypt the    Symmetric Key 623.-   Clearinghouse(s) Certificate(s)—A certificate from a certification    authority or from the Clearinghouse(s) 105 that contains the signed    Public Key 621 of the Clearinghouse(s) 105. There maybe more than    one certificate, in which case a hierarchical level structure is    used with the highest level certificate containing the public key to    open the next lowest level certificate is reached which contains the    Public Key 621 of the Clearinghouse(s) 105.-   Certificate(s)—A certificate from a certification authority or from    the Clearinghouse(s) 105 that contains the signed Public Key 621 of    the entity that created the SC(s). There maybe more than one    certificate, in which case a hierarchical level structure is used    with the highest level certificate containing the public key to open    the next level certificate, and so on, until the lowest level    certificate is reached which contains the public key of the SC(s)    creator.-   SC Version—A version number assigned to the SC(s) by the SC Packer    Tool.-   SC ID—A unique ID assigned to the SC(s) by the entity that created    the SC(s).-   SC Type—Indicates the type of SC(s) (e.g. Metadata, Offer, Order,    etc.)-   SC Publisher—Indicates the entity that created the SC(s).-   Creation Date—Date that the SC(s) was created.-   Expiration Date—Date the SC(s) expires and is no longer valid.-   Clearinghouse(s) URL—Address of the Clearinghouse(s) 105 that the    End-User Player Application 195 should interact with to obtain the    proper authorization to access the Content 113.-   Digest Algorithm ID—An identifier of the algorithm used to compute    the digests of the parts.-   Digital Signature Alg ID—An identifier of the algorithm used to    encrypt the digest of the concatenated part digests. This encrypted    value is the digital signature.-   Digital Signature—A digest of the concatenated part digests    encrypted with the public key of the entity that created the SC(s).-   Output Part—The name to assign to the output part when an encrypted    part is decrypted.-   RSA and RC4—Default encryption algorithms used to encrypt the    Symmetric Keys 623 and data parts.-   Enc Sym Key—A base64 encoding of an encrypted key bitstring that,    when decrypted, is used to decrypt a SC(s) part.-   CH Pub Key—An identifier that indicates that the Clearinghouse's 105    Public Key 621 was used to encrypt the data.    E. Offer Secure Container 641 Format

The following table shows the parts that are included in the Offer SC(s)641. The parts, with the exception of some of the metadata parts, andBOM from the Metadata SC(s) 620 are also included in the Offer SC(s)641.

BOM Key Description Part Parts Part Exists Digest Result Name EncryptAlg Key ID/Enc Key Sym Key Alg Sym Key ID Metadata SC Parts [ContentURL] Output Part RCA Enc Sym Key RSA CH Pub Key [Metadata URL] OutputPart RC4 Enc Sysu Key RSA CH Pub Key SC Version SC ID SC Type SCPublisher Date Expiration Date Clearinghouse(s) URL Digest Algorithm IDDigital Signature Alg ID Content ID Yes Yes Metadata Some Yes UsageConditions Yes Yes SC Templates Yes Yes Watermarking Instructions YesYes Output Part RC4 Enc Sym Key RSA CH Pub Key Key Description Part YesYes Clearinghouse(s) Certificate(s) Yes No Certificate(s) Yes No DigitalSignature Offer SC Parts SC Version SC ID SC Type SC Publisher DateExpiration Date Digest Algorithm ID Digital Signature Alg ID Metadata SCBOM Yes Yes Additional and Overridden Yes Yes Fields Electronic DigitalContent Yes No Store(s) Certificate Certificate(s) Yes No DigitalSignature

The following describes the terms that are used in the above Offer SC(s)641 that were not previously described for another SC(s):

-   Metadata SC(s) BOM—The BOM from the original Metadata SC(s) 620. The    record in the Offer SC(s) 641 BOM includes the digest of the    Metadata SC(s) 620 BOM.-   Additional and Overridden Fields—Usage conditions information that    was overridden by the Electronic Digital Content Store(s) 103. This    information is validated by the Clearinghouse(s) 105, by means of    the received SC(s) templates, to make sure that anything that the    Electronic Digital Content Store(s) 103 overrides is within the    scope of its authorization.-   Electronic Digital Content Store(s) Certificate—A certificate    provided to the Electronic Digital Content Store(s) 103 by the    Clearinghouse(s) 105 and signed by the Clearinghouse(s) 105 using    its private key. This certificate is used by the End-User Player    Application 195 to verify that the Electronic Digital Content    Store(s) 103 is a valid distributor of Content 113. The End-User    Player Application 195 and Clearinghouse(s) 105 can verify that the    Electronic Digital Content Store(s) 103 is an authorized distributor    by decrypting the certificate's signature with the Clearinghouse's    105 Public Key 621. The End-User Player Application 195 keeps a    local copy of the Clearinghouse's 105 Public Key 621 that it    receives as part of its initialization during installation.    F. Transaction Secure Container 640 Format

The following table shows the parts that are included in the TransactionSC(s) 640 as well as its BOM and Key Description parts.

BOM Key Description Part Parts Part Exists Digest Result Name EncryptAlg Key ID/Enc Key Sym Key Alg Sym Key ID SC Version SC ID SC Type SCPublisher Date Expiration Date Digest Algorithm ID Digital Signature AlgID Transaction ID Yes Yes Output Part RSA CH Pub Key End-User(s) ID YesYes Output Part RSA CH Pub Key End-User(s)' Public Key Yes Yes OfferSC(s) Yes Yes Selections of Content Use Yes Yes HTML to Display Yes YesKey Description Part Yes Yes Electronic Digital Content Yes No Store(s)Certificate Digital Signature

The following describes the terms that are used in the above TransactionSC(s) 640 that were not previously described for another SC(s):

-   Transaction ID 535—An ID assigned by the Electronic Digital Content    Store(s) 103 to uniquely identify the transaction.-   End-User(s) ID—An identification of the End-User(s) obtained by the    Electronic Digital Content Store(s) 103 at the time the End-User(s)    makes the buying selection and provides the credit card information.-   End-User(s)' Public Key—The End-User(s)' Public Key 661 that is used    by the Clearinghouse(s) 105 tore-encrypt the Symmetric Keys 623. The    End-User(s)' Public Key 661 is transmitted to the Electronic Digital    Content Store(s) 103 during the purchase transaction.-   Offer SC(s)—Offer SC(s) 641 for the Content 113 items that were    purchased.-   Selections of Content Use—An array of Usage Conditions for each    Content 113 item being purchased by the End-User(s). There is an    entry for each Offer SC(s) 641.-   HTML to Display—One or more HTML pages that the End-User Player    Application 195 displays in the Internet browser window upon receipt    of the Transaction SC(s) 640 or during the interaction between the    End-User Device(s) 109 and the Clearinghouse(s) 105.

When the End-User Device(s) 109 receives a Transaction SC(s) 640, thefollowing steps may be performed to verify the integrity andauthenticity of the SC(s):

-   1. Verify the integrity of the Electronic Digital Content Store(s)    103 certificate using the Public Key 621 of the Clearinghouse(s)    105. The Public Key 621 of the Clearinghouse(s) 105 was stored at    the End-User Device(s) 109 after it was received as part of the    initialization of the End-User Player Application 195 during its    installation process.-   2. Verify the Digital Signature 643 of the SC(s) using the public    key from the Electronic Digital Content Store(s) 103 certificate.-   3. Verify the hashes of the SC(s) parts.-   4. Verify the integrity and authenticity of each Offer SC(s) 641    included in the Transaction SC(s) 640.    G. Order Secure Container 650 Format

The following table shows the parts that are included in the Order SC(s)650 as well as its BOM and Key Description parts. These parts eitherprovide information to the Clearinghouse(s) 105 for decryption andverification purposes or is validated by the Clearinghouse(s) 105. Theparts and BOM from the Offer SC(s) 641 are also included in the OrderSC(s) 650. The Some string in the Part Exists column of the MetadataSC(s) BOM indicates that the some of those parts are not included in theOrder SC(s) 650. The BOM from the Metadata SC(s) 620 is also includedwithout any change so that the Clearinghouse(s) 105 can validate theintegrity of the Metadata SC(s) 620 and its parts.

BOM Key Description Part Parts Part Exists Digest Result Name EncryptAlg Key ID/Enc Key Sym Key Alg Sym Key ID Metadata SC(s) Parts [ContentURL] Output Part RC4 Enc Sym Key RSA CH Pub Key [Metadata URL] OutputPart RC4 Enc Sym Key RSA CH Pub Key SC(s) Version SC(s) ID SC(s) TypeSC(s) Publisher Date Expiration Date Clearinghouse(s) URL DigestAlgorithm ID Digital Signature Alg ID Content ID Yes Yes Metadata SomeYes Usage Conditions Yes Yes SC(s) Templates Yes Yes WatermakingInstructions Yes Yes Output Part RC4 Enc Sym Key RSA CH Pub Key KeyDescription Part Yes Yes Clearinghouse(s) Certificate(s) Yes NoCertificate(s) Yes No Digital Signature Offer SC(s) Parts SC(s) VersionSC(s) ID SC(s) Type SC(s) Publisher Date Expiration Date DigestAlgorithm ID Digital Signature Alg ID Metadata SC(s) BOM Yes YesAdditional and Overridden Yes Yes Fields Electronic Digital Content YesNo Store(s) Certificate Certificate(s) Yes No Digital SignatureTransaction SC(s) Parts SC(s) Version SC(s) ID SC(s) Type SC(s)Publisher Date Expiration Date Digest Algorithm ID Digital Signature AlgID Transaction ID Yes Yes Output Part RSA CH Pub Key End-User(s) ID YesYes Output Part RSA CH Pub Key End-User(s)' Public Key Yes Yes OfferSC(s) One Offer SC(s) Yes Selections of Content Use Yes Yes HTML toDisplay in Browser Yes Yes Wdw Key Description Part Yes Yes ElectronicDigital Content Yes No Store(s) Certificate Digital Signature OrderSC(s) Parts SC(s) Version SC(s) ID SC(s) Type SC(s) Publisher DateExpiration Date Digest Algorithm ID Digital Signature Alg ID Offer SC(s)BOM Yes Yes Transaction SC(s) BOM Yes Yes Encrypted Credit Card Info YesYes Output Part RSA CH Pub Key Key Description Part Yes Yes DigitalSignature

The following describes the terms that are used in the above Order SC(s)650 that were not previously described for another SC(s):

-   Transaction SC(s) BOM—The BOM in the original Transaction SC(s) 640.    The record in the Order SC(s) 650 BOM includes the digest of the    Transaction SC(s) 640 BOM.-   Encrypted Credit Card Info.—Optional encrypted information from the    End-User(s) that is used to charge the purchase to a credit card or    debit card. This information is required when the Electronic Digital    Content Store(s) 103 that created the Offer SC(s) 641 does not    handle the customer billing, in which case the Clearinghouse(s) 105    may handle the billing.    H. License Secure Container 660 Format

The following table shows the parts that are included in the LicenseSC(s) 660 as well as its BOM. As shown in the Key Description part, theSymmetric Keys 623 that are required for decrypting the watermarkinginstructions, Content 113, and Content 113 metadata have beenre-encrypted by the Clearinghouse(s) 105 using the End-User(s)' PublicKey 661. When the End-User Device(s) 109 receives the License SC(s) 660it decrypts the Symmetric Keys 623 and use them to access the encryptedparts from the License SC(s) 660 and the Content SC(s) 630.

BOM Key Description Part Parts Part Exists Digest Result Name EncryptAlg Key ID/Enc Key Sym Key Alg Sym Key ID [Content URL] Output Part RC4Enc Sym Key RSA EU Pub Key [Metadata URL] Output Part RC4 Enc Sym KeyRSA EU Pub Key SC(s) Version SC(s) ID SC(s) Type SC(s) Publisher DateExpiration Date Digest Algorithm ID Digital Signature Alg ID Content IDYes Yes Usage Conditions Yes Yes Transaction Data Yes Yes WatermarkingYes Yes Output Part RC4 Enc Sym Key RSA EU Pub Key Instructions KeyDescriptions Yes Yes Part Certificate(s) Yes No Digital Signature

The following describes the terms that are used in the above LicenseSC(s) 660 that were not previously described for another SC(s):

-   EU Pub Key—An identifier that indicates that the End-User(s)' Public    Key 661 was used to encrypt the data.-   Order SC(s) 650 ID—The SC(s) ID taken from the Order SC(s) 650 BOM.-   Certificate Revocation List—An optional list of certificate IDs    which were previously issued and signed by the Clearinghouse(s) 105,    but are no longer considered to be valid. Any SC(s) that have a    signature which can be verified by a certificate that is included in    the revocation list are invalid SC(s). The End-User Player    Application 195 stores a copy of the Clearinghouse's 105 certificate    revocation list on the End-User Device(s) 109. Whenever a revocation    list is received, the End-User Player Application 195 replaces its    local copy if the new one is more up to date. Revocation lists    includes a version number or a time stamp (or both) in order to    determine which list is the most recent.    I. Content Secure Container Format

The following table shows the parts that are included in the ContentSC(s) 630 as well as the BOM:

BOM Parts Part Exists Digest SC(s) Version SC(s) ID SC(s) Type SC(s)Publisher Date Expiration Date Clearinghouse(s) 105 URL Digest AlgorithmID Digital Signature Alg ID Content ID Yes Yes Encrypted Content Yes YesEncrypted Metadata Yes Yes Metadata Yes Yes Certificate(s) Yes NoDigital Signature

The following describes the terms used in the above Content SC(s) 630that were not previously described for another SC(s):

-   Encrypted Content—Content 113 that was encrypted by a Content    Provider(s) 101 using a Symmetric Key 623.-   Encrypted Metadata—Metadata associated with the Content 113 that was    encrypted by a Content Provider(s) 101 using a Symmetric Key 623.

There is no Key Description part included in the Content SC(s) 630 sincethe keys required to decrypt the encrypted parts are in the LicenseSC(s) 660 that is built at the Clearinghouse(s) 105.

VI. Secure Container Packing and Unpacking

A. Overview

The SC(s) Packer is a 32-bit Windows' program with an API (ApplicationProgramming Interface) that can be called in either a multiple or singlestep process to create a SC(s) with all of the specified parts. TheSC(s) Packer 151, 152, 153 variety of hardware platforms supportingWindows' program at the Content Provider(s) 101, Clearinghouse(s) 105,Electronic Digital Content Store(s) 103 and other sites requiring SC(s)Packing. A BOM and, if necessary, a Key Description part are created andincluded in the SC(s). A set of packer APIs allows the caller to specifythe information required to generate the records in the BOM and KeyDescription parts and to include parts in the SC(s). Encryption of partsand Symmetric Keys 623 as well as computing the digests and the digitalsignature is also be performed by the packer. Encryption and digestalgorithms that are supported by the packer are included in the packercode or they are called through an external interface.

The interface to the packer for building a SC(s) is done by an API thataccepts the following parameters as input:

-   A pointer to a buffer of concatenated structures. Each structure in    the buffer is a command to the packer with the information that is    required to execute the command. Packer commands include adding    apart to the SC(s) with an associated BOM record, adding a record to    the BOM, and adding records to the Key Description part.-   A value indicating the number of concatenated structures contained    in the above described buffer.-   Name and location of the BOM part.-   A value with each bit being a defined flag or a reserved flag for    future use. The following flags are currently defined:    -   Indication as to whether all of the parts of the SC(s) should be        bundled together into a single file after all of the structures        in the buffer have been processed. Bundling the parts into a        single object is the last step that is performed when building a        SC(s).    -   Indication as to whether the digital signature is omitted from        the BOM part. If this flag is not set, then the digital        signature is computed right before the SC(s) is bundled into a        single object.

In an alternate embodiment, the interface to the packer for building aSC(s) is done by APIs that accept the following parameters as input:

-   First, an API is called to create a Bill of Materials (BOM) part by    passing in pointer to a structure that consists of information that    is used to initialize SC(s) settings that are denoted as IP records    in the SC(s) BOM part, the name to use for the BOM part, a default    location to look for parts that will be added, and a flags value.    This API returns a SC(s) handle that is used in subsequent Packer    APIs.-   The Packer has an API that is used whenever a part is added to a    SC(s). This API accepts a SC(s) handle, which was previously    returned by a previous Packer API, a pointer to a structure that    consists of information about the part that is being added, and a    flags value. Information about the part being added includes the    name and location of the part, the name to use in the BOM for the    part, the type of part that is being added, a hash value for the    part, flags, etc.-   After all of the parts have been added to the SC(s) a Packer API is    called to pack all of the parts, including the BOM part, into a    single SC(s) object, which is typically a file. This API accepts a    SC(s) handle, which was previously returned by a previous Packer    API, the name to use for the packed SC(s), a pointer to a structure    with information for signing the SC(s), and a flags value.

Either the packer or the entity calling the packer can use a SC(s)template to build a SC(s). SC(s) templates have information that defineparts and records that are required in the SC(s) that is being built.Templates can also define encryption methods and key references to usefor encrypting Symmetric Keys 623 and encrypted parts.

The packer has an API that is used to unpack a SC(s). Unpacking a SC(s)is the process of taking a SC(s) and separating it into its individualparts. The packer can then be called to decrypt any of the encryptedparts that were unpacked from the SC(s).

B. Bill of Materials (BOM) Part

The BOM part is created by the packer when a SC(s) is being built. TheBOM is a text file that contains records of information about the SC(s)and about the parts that are included in the SC(s). Each record in theBOM is on a single line with a new line indicating the start of a newrecord. The BOM usually includes digests for each part and a digitalsignature that can be used to validate the authenticity and integrity ofthe SC(s).

The record types within a BOM are as follows:

-   IP An IP record contains a set of Name=Value pairs pertaining to the    SC(s). The following Names are reserved for specific properties of    SC(s):    -   V major.minor.fix        -   The V property specifies the version of the SC(s). This is            the version number of the SC(s) specification that the SC(s)            was created under. The string that follows should be of the            form major.minor.fix, where major, minor, and fix are the            major release number, minor release number, and fix level,            respectively.    -   ID value        -   The ID property is a unique value that is assigned to this            specific SC(s) by the entity that is creating this SC(s).            The format of the value is defined in a later version of            this document.    -   T value        -   The T property specifies the type of the SC(s), which should            be one of:            -   ORD—An Order SC(s) 650.            -   OFF—An Offer SC(s) 641.            -   LIC—A License SC(s).            -   TRA—A Transaction SC(s) 640.            -   MET—A Metadata SC(s) 620.            -   CON—A Content SC(s) 630.    -   A value        -   The A property identifies the author or publisher of the            SC(s). Author/publisher identities should be unambiguous            and/or registered with the Clearinghouse(s) 105.    -   D value        -   The D property identifies the date, and optionally, the time            that the SC(s) was created. The value should be of the form            yyyy/mm/dd[@hh:mm[:ss[.fsec]][(TZ)]] representing            year/month/day@hour:minute:second.decimal-fraction-of-second            (time-zone). Optional parts of the value are enclosed in [ ]            characters.    -   E value        -   The E property identifies the date, and optionally, the time            that the SC(s) expires. The value should be the same form            used in the D property that was previously defined. The            expiration date/time should be compared, whenever possible,            with the date/time at the Clearinghouse(s) 105.    -   CCURL value        -   The CCURL property identifies the URL of the            Clearinghouse(s) 105. The value should be of the form of a            valid external URL.    -   H value        -   The H property identifies the algorithm that was used to            calculate the message digests for the parts included in the            SC(s). An example digest algorithm is MD5.-   D AD record is a data or part entry record that contains information    that identifies the type of part, the name of the part, the    (optional) digest of the part, and an (optional) indication that the    part is not included in the SC(s). A—sign immediately after the type    identifier is used to indicate that the part is not included in the    SC(s). The following are reserved types of data or part records:    -   K part_name [digest]        -   Specifies the Key Description part.    -   W part_name [digest]        -   Specifies the watermarking instructions part.    -   C part_name [digest]        -   Specifies the certificate(s) used to validate the digital            signature.    -   T part_name [digest]        -   Specifies the Usage Conditions part.    -   YF part_name [digest]        -   Specifies the Template part for the Offer SC(s) 641.    -   YO part_name [digest]        -   Specifies the Template part for the Order SC(s) 650.    -   YL part_name [digest]        -   Specifies the Template part for the License SC(s) 660.    -   ID part_name [digest]        -   Specifies the ID(s) of the Content 113 of the item(s) of            Content 113 being referenced.    -   CH part_name [digest]        -   Specifies the Clearinghouse(s) 105 certificate part.    -   SP part_name [digest]        -   Specifies the Electronic Digital Content Store(s) 103            certificate part.    -   B part_name [digest]        -   Specifies a BOM part for another SC(s) that has its parts or            a subset of its parts included in this SC(s).    -   BP part_name sc_part_name [digest]        -   Specifies a BOM part for another SC(s) that is included as a            single part in this SC(s). The sc_part_name parameter is the            name of the SC(s) part that is included in this SC(s) and            that this BOM part defines. A BOM that is identical to this            one is also included in the SC(s) that is defined by the            sc_part_name parameter.    -   D part_name [digest]        -   Specifies a data (or metadata) part.-   S An S record is a signature record the is used to define the    digital signature of the SC(s). The digital signature is specified    as follows:    -   S key_identifier signature_string signature_algorithm        -   The S record contains the key_dentifier to indicate the            encryption key of the signature, the signature_string, which            is the base64 encoding of the digital signature bitstring,            and the signature algorithm that was used to encrypt the            digest to create the digital signature.            C. Key Description Part

The Key Description part is created by the packer to provide informationabout encryption keys that are needed for decryption of SC(s) encryptedparts. The encrypted parts maybe included in the SC(s) being built ormay be in other SC(s) which are referred to by the SC(s) being built.The Key Description part is a text file that contains records ofinformation about the encryption keys and the parts for which theencryption keys are used. Each record in the Key Description part is ona single line with a new line indicating the start of a new record.

The following record type is used within a Key Description part and isdefined as follows:

-   K encrypted_part_name; result_part_name;    part_encryption_algorithm_identifier;    -   public_key_identifier    -   key_encryption_algorithm and encrypted_symmetric_key.    -   A K record specifies an encrypted part that maybe included in        this SC(s) or maybe included in another SC(s) that is referred        to by this record. The encrypted_part_name is either the name of        a part in this SC(s) or a URL pointing to the name of the        encrypted part in another SC(s). The result_part_name is the        name that is given to the decrypted part. The        part_encryption_algorithm_identifier indicates the encryption        algorithm that was used to encrypt the part. The        public_key_dentifier is an identifier of the key that was used        to encrypt the Symmetric Key 623.    -   The key_encryption_algorithm_identifier indicates the encryption        algorithm that was used to encrypt the Symmetric Key 623. The        encrypted symmetric key is a base64 encoding of the encrypted        Symmetric Key 623 bit string that was used to encrypt the part.

VII. Clearinghouse(s) 105

A. Overview

The Clearinghouse(s) 105 is responsible for the rights managementfunctions of the Secure Digital Content Electronic Distribution System100. Clearinghouse(s) 105 functions include enablement of ElectronicDigital Content Store(s) 103, verification of rights to Content 113,integrity and authenticity validation of the buying transaction andrelated information, distribution of Content encryption keys orSymmetric Keys 623 to End-User Device(s) 109, tracking the distributionof those keys, and reporting of transaction summaries to ElectronicDigital Content Store(s) 103 and Content Provider(s) 101. Contentencryption keys are used by End-User Device(s) 109 to unlock Content 113for which they have obtained rights, typically by a purchase transactionfrom an authorized Electronic Digital Content Store(s) 103. Before aContent encryption key is sent to an End-User Device(s) 109, theClearinghouse(s) 105 goes through a verification process to validate theauthenticity of the entity that is selling the Content 113 and therights that the End-User Device(s) 109 has to the Content 113. This iscalled the SC Analysis Tool 185. In some configurations theClearinghouse(s) 105 may also handle the financial settlement of Content113 purchases by co-locating a system at the Clearinghouse(s) 105 thatperforms the Electronic Digital Content Store(s) 103 functions of creditcard authorization and billing. The Clearinghouse(s) 105 uses OEMpackages such as IC Verify and Taxware to handle the credit cardprocessing and local sales taxes.

Electronic Digital Content Store(s) Embodiment

An Electronic Digital Content Store(s) 103 that wants to participate asa seller of Content 113 in the Secure Digital Content ElectronicDistribution System 100 makes a request to one or more of the DigitalContent Provider(s) 101 that provide Content 113 to the Secure DigitalContent Electronic Distribution System 100. There is no definitiveprocess for making the request so long as the two parties come to anagreement. After the digital content label such as a Music Label e.g.Sony, Time-Warner, etc. decides to allow the Electronic Digital ContentStore(s) 103 to sell its Content 113, the Clearinghouse(s) 105 iscontacted, usually via E-mail, with a request that the ElectronicDigital Content Store(s) 103 be added to the Secure Digital ContentElectronic Distribution System 100. The digital content label providesthe name of the Electronic Digital Content Store(s) 103 and any otherinformation that maybe required for the Clearinghouse(s) 105 to create adigital certificate for the Electronic Digital Content Store(s) 103. Thedigital certificate is sent to the digital content label in a securefashion, and then forwarded by the digital content label to theElectronic Digital Content Store(s) 103. The Clearinghouse(s) 105maintains a database of digital certificates that it has assigned. Eachcertificate includes a version number, a unique serial number, thesigning algorithm, the name of the issuer (e.g., the name ofClearinghouse(s) 105), a range of dates for which the certificate isconsidered to be valid, the name Electronic Digital Content Store(s)103, the public key of the Electronic Digital Content Store(s) 103, anda hash code of all of the other information signed using the private keyof the Clearinghouse(s) 105. Entities that have the Public Key 621 ofthe Clearinghouse(s) 105 can validate the certificate and then beassured that a SC(s) with a signature that can be validated using thepublic key from the certificate is a valid SC(s).

After the Electronic Digital Content Store(s) 103 has received itsdigital certificate that was created by the Clearinghouse(s) 105 and thenecessary tools for processing the SC(s) from the digital content label,it can begin offering Content 113 that can be purchased by End-User(s).The Electronic Digital Content Store(s) 103 includes its certificate andthe Transaction SC(s) 640 and signs the SC(s) using its DigitalSignature 643. The End-User Device(s) 109 verifies that the ElectronicDigital Content Store(s) 103 is a valid distributor of Content 113 onthe Secure Digital Content Electronic Distribution System 100 by firstchecking the digital certificate revocation list and then using thePublic Key 621 of the Clearinghouse(s) 105 to verify the information inthe digital certificate for the Electronic Digital Content Store(s) 103.A digital certificate revocation list is maintained by theClearinghouse(s) 105. The revocation list maybe included as one of theparts in a License SC(s) 660 that is created by the Clearinghouse(s)105. End-User Device(s) 109 keep a copy of the revocation list on theEnd-User Device(s) 109 so they can use it as part of the ElectronicDigital Content Store(s) 103 digital certificate validation. Wheneverthe End-User Device(s) 109 receives a License SC(s) 660 it determineswhether anew revocation list is included and if so, the local revocationlist on the End-User Device(s) 109 is updated.

B. Rights Management Processing

Order SC(s) Analysis

The Clearinghouse(s) 105 receives an Order SC(s) 650 from an End-User(s)after the End-User(s) has received the Transaction SC(s) 640, whichinclude the Offer SC(s) 641, from the Electronic Digital ContentStore(s) 103. The Order SC(s) 650 consists of parts that containinformation relative to the Content 113 and its use, information aboutthe Electronic Digital Content Store(s) 103 that is selling the Content113, and information about the End-User(s) that is purchasing theContent 113. Before the Clearinghouse(s) 105 begins processing theinformation in the Order SC(s) 650, it first performs some processing toinsure that the SC(s) is in fact valid and the data it contains has notbeen corrupted in any way.

Validation

The Clearinghouse(s) 105 begins the validation of Order SC(s) 650 byverifying the digital signatures, then the Clearinghouse(s) 105 verifiesthe integrity of the Order SC(s) 650 parts. To validate the digitalsignatures, first the Clearinghouse(s) 105 decrypts the Contents 631 ofthe signature itself using the Public Key 661 of the signing entityincluded if signed. (The signing entity could be the Content Provider(s)101, the Electronic Digital Content Store(s) 103, the End User Device(s)109 or any combination of them.) Then, the Clearinghouse(s) 105calculates the digest of the concatenated part digests of the SC(s) andcompares it with the digital signature's decrypted Content 113. If thetwo values match, the digital signature is valid. To verify theintegrity of each part, the Clearinghouse(s) 105 computes the digest ofthe part and compares it to the digest value in the BOM. TheClearinghouse(s) 105 follows the same process to verify the digitalsignatures and part integrity for the Metadata and Offer SC(s) 641 partsincluded within the Order SC(s) 650.

The process of verification of the Transaction and Offer SC(s) 641digital signatures also indirectly verifies that the Electronic DigitalContent Store(s) 103 is authorized by the Secure Digital ContentElectronic Distribution System 100. This is based on the fact that theClearinghouse(s) 105 is the issuer of the certificates. Alternately, theClearinghouse(s) 105 would be able to successfully verify the digitalsignatures of the Transaction SC(s) 640 and Offer SC(s) 641 using thepublic key from the Electronic Digital Content Store(s) 103, but only ifthe entity signing the SC(s) has ownership of the associated privatekey. Only the Electronic Digital Content Store(s) 103 has ownership ofthe private key. Notice that the Clearinghouse(s) 105 does not need tohave a local database of the Electronic Digital Content Store(s) 103.Since the store uses the Clearinghouse Public Key to sign theTransaction SC(s) 640 Offer SC(s) 641 public keys.

Then, the Store Usage Conditions 519 of the Content 113 which theEnd-User(s) is purchasing are validated by the Clearinghouse(s) 105 toinsure that they fall within the restrictions that were set in theMetadata SC(s) 620. Recall that the Metadata SC(s) 620 is includedwithin the Order SC(s) 650.

Key Processing

Processing of the encrypted Symmetric Keys 623 and of the watermarkinginstructions are done by the Clearinghouse(s) 105 after authenticity andthe integrity check of the Order SC(s) 650, the validation of theElectronic Digital Content Store(s) 103, and the validation of the StoreUsage Conditions 519 have been completed successfully. The MetadataSC(s) 620 portion of the Order SC(s) 650 typically has several SymmetricKeys 623 located in the Key Description part that were encrypted usingthe Public Key 621 of the Clearinghouse(s) 105. Encryption of theSymmetric Keys 623 are done by the Content Provider(s) 101 when theMetadata SC(s) 620 was created.

One Symmetric Key 623 are used for decrypting the watermarkinginstructions and the others for decrypting the Content 113 and anyencrypted metadata. Since Content 113 can represent a single song or anentire collect of songs on a CD, a different Symmetric Key 623 maybeused for each song. The watermarking instructions are included withinthe Metadata SC(s) 620 portion in the Order SC(s) 650. The Content 113and encrypted metadata are in the Content SC(s) 630 at a Content HostingSite(s) 111. The URL and part names of the encrypted Content 113 andmetadata parts, within the Content SC(s) 630, are included in the KeyDescription part of the Metadata SC(s) 620 portion of the Order SC(s)650. The Clearinghouse(s) 105 uses its private key to decrypt theSymmetric Keys 623 and then encrypts each of them using the Public Key661 of the End-User Device(s) 109. The Public Key 661 of the End-UserDevice(s) 109 is retrieved from the Order SC(s) 650. The new encryptedSymmetric Keys 623 are included in the Key Description part of theLicense SC(s) 660 that the Clearinghouse(s) 105 returns to the End-UserDevice(s) 109.

During the time of processing the Symmetric Keys 623, theClearinghouse(s) 105 may want to make modifications to the watermarkinginstructions. If this is the case, then after the Clearinghouse(s) 105decrypts the Symmetric Keys 623, the watermarking instructions aremodified and re-encrypted. The new watermarking instructions areincluded as one of the parts within the License SC(s) 660 that getsreturned to the End-User Device(s) 109.

If all of the processing of the Order SC(s) 650 is successful, then theClearinghouse(s) 105 returns a License SC(s) 660 to the End-UserDevice(s) 109. The End-User Device(s) 109 uses the License SC(s) 660information to download the Content SC(s) 630 and access the encryptedContent 113 and metadata. The watermarking instructions are alsoexecuted by the End-User Device(s) 109.

If the Clearinghouse(s) 105 is not able to successfully process theOrder SC(s) 650, then an HTML page is returned to the End-User Device(s)109 and displayed in an Internet browser window. The HTML page indicatesthe reason that the Clearinghouse(s) 105 was unable to process thetransaction.

In an alternate embodiment, if the user has purchased a copy of theContent 113 prior to the release date set for the sale, the License(s)SC 660 is returned without the Symmetric Keys 623. The License(s) SC 660is returned to the Clearinghouse(s) 105 on or after the release date toreceive the Symmetric Keys 623. As an example, the Content Provider(s)101 allow users to download a new song prior to the release date for thesong to enable customers to download the song and be prepared to playthe song before a date set by the Content Provider(s) 101. This allowsimmediate opening of the Content 113 on the release date without havingto content for bandwidth and download time on the release date.

C. Country Specific Parameters

Optionally, the Clearinghouse(s) 105 uses the domain name of theEnd-User Device(s) 109 and, whenever possible, the credit card billingaddress to determine the country location of the End-User(s). If thereare any restrictions for the sale of Content 113 in the country wherethe End-User(s) resides, then the Clearinghouse(s) 105 insures that thetransaction being processed is not violating any of those restrictionsbefore transmitting License SC(s) 660 to the End-User Device(s) 109. TheElectronic Digital Content Store(s) 103 is also expected to participatein managing the distribution of Content 113 to various countries byperforming the same checks as the Clearinghouse(s) 105. TheClearinghouse(s) 105 does whatever checking that it can in case theElectronic Digital Content Store(s) 103 is ignoring the country specificrules set by the Content Provider(s) 101.

In another embodiment, where the advertisement associated with thecontent is restricted to predefined geographic regions, the ElectronicDigital Content Store(s) 103 places the following information regardingthe end user in the Transaction Data 642 of the Transaction SC(s) 641:

-   IP Address of end users PC; and-   Address Verification Indicator (true or false).    The IP address is the address used for each computer or system on a    network such as the Internet. The IP address is made of four sets of    three numbers separated by a period for example 123.456.789.012. The    first three sets of numbers e.g., 123,456,789 that forms a unique    sub-address is called a class (C). Turning now to FIG. 20 is a block    diagram of the alternative embodiment of FIG. 2 for a Metadata SC(s)    620 illustrating a Verify Tag 2002 in the Usage Conditions 517,    according to the present invention.

The Clearinghouse(s) 105 has the appropriate logic to query a Verify Tag2002 in the Usage Conditions 517 and to determine which of the followingtests it must perform and pass successfully in order to issue thelicense.

1. Perform IP Check Test

If the IP Address (Internet Protocol) that the End User Device(s) 109 isrequesting the License SC 660 is not in the same class (C) as the IPthat was of the End User Device(s) 109 used to place the order (i.e.,the address specified in the Transaction Data 642), the Clearinghouse(s)105 will not issue a license and will send a validation rejection codeto the End User Device(s) 109 in order to display an appropriate message(e.g., “Sorry you cannot download this content in the country you arein.”). More information on determining class (C) is described in thesection below entitled “IP Class Check Service.”

2. Perform IP Test

Verify that the IP address being used from the End User Device(s) 109 torequest the license is in a Country List 2006 in the Content Usageconditions 517 from the Content Provider(s) 101. If the IP address is inthe Country List2006, then the Clearinghouse(s) 105 issues the LicenseSC(s) 660. On the other hand, if the IP Address is not in the CountryList 2006, then the Clearinghouse(s) 105 does not issue the LicenseSC(s) 660 and sends to the End User Device(s) 109 a distinct return codethat can be used to display an appropriate error message (e.g., “Sorryyou cannot download this content in the country you are in.”).

3. Address Verification

Using known address verification techniques for trusted third party suchas credit card houses, the mailing address for the End User Device(s)109 is checked should a corresponding flag be set in the TransactionData 642. If the mailing address for the end user using the End UserDevice(s) corresponds to the Country List 2006, then theClearinghouse(s) 105 issues the License SC(s) 660. On the other hand, ifthe mailing address is not in the Country List 2006, then theClearinghouse(s) 105 does not issue the License SC(s) 660 and sends tothe End User Device(s) 109 a distinct return code that can be used todisplay an appropriate error message (e.g., “Sorry you can not downloadthis content in the country you are in.”).

1. IP Class Check Service

The Clearinghouse(s) 105 provides the service of determining the countrythat a given IP address is in. This service will be provided via port80. Clients will send a Notify SC 2102. The IP address 2104 of the EndUser Device(s) 109 to be checked will be included on the Notify SC 2102.

The Clearinghouse(s) 105 keeps a cache (stored in a database or table)of class(c) IP address and the associated country code. One example of adatabase of class(c) IP address is available at online URL(http://www.ripe.net/cgi-bin/whois?<ip address>”,http://www.apnic.net/apnic-bin/whois.pl?search=<ip address>”,http://www.arin.net/cgi-bin/whois.pl?queryinput-<ip) In addition, theClearinghouse(s) 105 time/date stamps the last time it verified theaddress. Periodically, Clearinghouse(s) 105 scans the table and updatethe country code for the class(c) IP addresses and time/stamp asappropriate.

An exemplary algorithm the Clearinghouse(s) 105 uses is now described. Aquery of known IP databases such as those for class(c) IP address givenabove and checking the country codes found with in trace routes (to theIP address in question), an educated guess by the manager of theClearinghouse(s) 105 for an IP address's country of origin. Examples oftrace route servers are found at online URLs:

-   http://www.lf.net/cgi-bin/trace?<ip address>”,-   http://zeus.lyceum.com/cgi-bin/nph-bgp-routes?host-br1-atl2&query=trace&addr=<ip    address>”,-   http://net.yahoo.com/cgi-bin/trace.sh?<ip address>”,-   http://beacon.webtv.net/cgi-bin/nph-traceroute.cgi?host=<ip    address>”,-   http://traffic.stealth.net/nph-trace.cgi?<ip address>”,//usa-   http://traceroute.asiaonline.net/cgi-bin/nph-traceroute?<ip    address>”,//hong kong-   http://www.eunet.fi/cgi-bin/trace?<ip address>”,-   http://www.salvi.net/cgi-bin/tracert.pl?<ip address>”,-   http://status.dialtoneinternet.net/public/traceroute.cgi?target=<ip    address>”,//DI-   http://missinglink.transpac.org/cgi-bin/trace.cgi?<ip    address>”,//STAR*/-   http://ccj sun.riken.go.jp/cgi-bin/traceroute.pl?<ip address>”,-   http://www-engl.es.net/mp/trace?host=<ip address>”,//ESNET-   http://traceroute.hkt.net/cgi-bin/nph-traceroute?<ip address>”,//HKT-   http://www.isnet.is/cgi-bin/nph-traceroute?<ip address>”,//iceland-   http://www.infn.it/cgi-bin/traceroute.pl?<ip address>”,//italy-   http://gate.itep.ru/cgi-bin/traceroute.pl?<ip address>”,//russia-   http://noc.ilan.net.il/cgi-bin/lg.sh?router-BIU&query=trace&parameter=<ip    address>”,//israel-   http://ppewww.ph.gla.ac.uk/cgi-bin/nph-traceroute.pl?<ip    address>”,//scotland-   http://wwwmics.er.doe.gov/cgi-bin/traceroute.pl?<ip    address>”,//united states-   http://icfamon.dl.ac.uk/cgi-bin/traceroute.pl?<ip    address>”,//england-   http://radius.desy.de/cgi-bin/traceroute.pl?<ip address>”,//germany-   http://yumj.kek.jp/cgi-bin/traceroute.pl?<ip address>”,//HERL-japan-   http://sunstats.cern.ch/cgi-bin/examples/lgping.pl?command=trace&hostname=<ip    address>”,//switzerland-   http://cache01.ansp.br/cgi-bin/traceroute.pl?<ip address>”,//brazil-   http://www.netins.net/dedicated/tools/nph-traceroute.cgi?<ip    address>”,//usa-   http://cloud.kaist.kr.apan.net/cgi-bin/traceroute.pl?<ip    address>”,//south korea-   http://rainbow.inp.nsk.su/cgi-bin/traceroute.pl?<ip    address>”,//russia-   http://traceroute.physics.carleton.ca/cgi-bin/traceroute.pl?<ip    address>”,//canada-   http://www.nbi.dk/cgi-bin/traceroute.pl?<ip address>”,//denmark-   http://mx.nsu.ru/cgi-bin/trace?<ip address>”,//russia-   http://icfamon.rl.ac.uk/cgi-bin/traceroute.pl?<ip    address>”,//england-   http://cgi.cs.wisc.edu/scripts/condor/netmon/traceroute.pl?<ip    address>”,//united states-   http://www.nswrno.net.au/cgi-bin/trace?<ip address>”,//australia-   http://www.telstra.net/cgi-bin/trace?<ip address>”,//australia-   http://w3.hart.co jp/cgi-bin/nph-traceroute?<ip address>”,//JAPAN-   http://www.gip.net/cgi-bin/testtraceroute.sh?<ip address>”,//US-   http://customers.hispeedhosting.com/cgi-bin/trace.sh?<ip    address>”,//US-   http://www.bungi.com/cgi-bin/trace?<ip address>”,//US-   http://www.foothill.net/cgi-bin/nph-traceroute?<ip address>”,//US-   http://www.sprylink.net.ua/cgi-bin/nph-traceroute?<ip    address>”//ukraine

a. Pseduo Code Implementation: long ipTest(  char *pszIp, int iMode,DWOR1D dwDBTimeout, int iDBWeight, struct SERVER DBSvrs[ ], intiNumOfDBs, DWORD dwTRTimeout, int iTRWeight, struct SERVER TRSvrs[ ],int iNumOfTRs, struct RESULTS sResults[ ], int *piNumOfResults);For each database server (i.e., computer with a database of class(c) IPaddress) and for each traceroute server (i.e., computers that allowtrace routes) passed in, a separate thread is created. Each threadbegins a lookup/traceroute by contacting, via an fopen call to bookworm,the server passed to it. Each thread parses the returned results on thefly and returns a country code.

After all threads have returned or timed-out, the main program beginsthe process of selecting a country code to “go with” from the databaselookups and traceroute results. The database results are checked againstthe traceroute results. Matches are looked for and the confidence fromeach matching country code is used to determine a final confidence.After assembling a list of matched country codes, the pair with thehighest confidence is returned.

Flow: Main Program: Run Threads( ) DB Threads( ) TR Threads( ) Find CC() Determine Confidence( ) ComputeConfidence(DB results)ComputeConfidence(TR results) EndFunctions:

-   -   Run Threads—initiate a new thread for each database lookup and        each traceroute. In both cases the results for HTTP errors are        checked.    -   DB Threads—If the database queried is RIPE or APNIC, a search        for the line specifying the country. The line follows the        format:        -   country: <CC>        -   where <CC> is one of the two letter ISO country codes.        -   If the database queried is ARIN, a search for US state codes            in the address and search for the country code on a line by            itself following the format:        -   - - - <CC>        -   where each dash represents a space and <CC> is one of the            two letter ISO country codes. If a country code is not found            and a US state code is found, the function returns US, else            nothing.    -   TR Threads—If the previous hop was unsuccessful and it has taken        over seven seconds for the current hop the traceroute is stop        and use whatever country that have been parsed out already. If        the hop was successful a call to Find CC is parsed out the        country code of that hop. When the trace route completes the        function returns the last country code found.    -   Find CC—Find CC looks at the name of the server in the current        hop of a traceroute. First, a search for major US cities in the        server name is made. If a U.S. city is found, then set the        return CC to US, but allow the function to continue parsing.        -   Second, a search for:        -   where <CC> is one of the two letter ISO country codes. If a            country code is found, a check is made to determine if the            country code is followed by more text, another period, or is            the end of the server name.            -   1. If the country code is followed by more text, then                resume looking for .<CC> in the remainder of the server                name.            -   2. If the country code is followed by a period, then a                call FindCC to recursively examine the remainder of the                server name. If FindCC finds a country code in the                remainder of the string, the country code is returned                the recursive call found. Otherwise, a search is made                for one of the known Internet extensions after the                period. If an Internet extension, return the CC found.            -   3. If it is the end of the server name then it returns                the CC.    -   Determine Confidence—ComputeConfidence is called twice, passing        the database results first and the traceroute results on the        second call. If neither returned any results, an        INDETERMINABLE_CC_ERROR is returned. If only one of the modes        was selected (DB_only or TR_only) or only one returned results        then the successful mode's weight is pushed to 100 percent and        the highest result (plus any ties) is returned. If both returned        results a comparison of every DB result against every TR result.        If the results match then the confidence of that country code        is: 100−(((100−DB conf. in this CC)*(100−TR conf. in this        CC))/100). If the results do not match then the country code        with the higher confidence is selected. (If the confidences are        the same, the result of the method with the higher weight is        selected). The confidence just calculated is checked against any        previous confidences determined. If this is the highest, it is        selected to be returned. The loop then proceeds to compare the        next set of DB and TR results.    -   Compute Confidence—First all completed results and tally the        number of times each country code was returned. Then a returned        country code through the following loop:        -   1. Calculate initial confidence in returned country code.            Initial confidence=100−(2*((100−(100* fPcntAgree))/10))            where fPcntAgree is the percentage of results that were this            country code.        -   2. Go through all other returned results. For each:            Determine the margin (fMargin) which is the current country            code's percentage of returned results (fCurrent) minus the            dissenting country code's percentage of returned results            (fPcntAgree). If the dissenting country code is the same as            its country of origin:            -   a. Determine the percentage of the dissenting country                code's trace routes that were the same as the country of                origin. (fTmp)            -   b. Multiply this (fTmp) by the percentage of total                returned results that were of the dissenting country                code (fPcntAgree).            -   c. Multiply this (fTmp) by half.            -   d. Multiply this (fTmp) by 1-fMargin.            -   e. Multiply this (fTmp) by 100.            -   f. Subtract this from the current country code's                confidence and yield the country code's new confidence.        -   If the dissenting country code is not the same as its            country of origin:            -   a. Multiply fPcntAgree by 1-fMargin.            -   b. Multiply this (fTmp) by 100.            -   c. Subtract this from the current country code's                confidence and produce the country code's new                confidence.                Note that if the current country code being subtracting                from has the same country of origin as itself, then                steps a–f are perform except in step b one multiplies                fTmp by 1-fPcntAgree. After the above loop, the returned                country codes are sorted from highest to lowest and                return.

Next, after the geographical location of the end user is determined,metadata such as advertisement is matched to the end user's geographiclocation. The geographic location can be a country, a region, a state, acity, a zip code or even a particular street address if this informationcan be determined from the user's geographic location. In addition tothe Usage Conditions 517 which govern the use of the Content 113 andmetadata, in this embodiment, one or more Geographic Advertisement UsageConditions 2006 for the Advertisement to a particular end user based ongeography. The Geographic Advertisement Usage Conditions 2006 include:

-   Time Based—Run Ad for 1 day, week, month, or other time period.-   Run designated number of times (1–99+) or always.-   Run Ad during specific time periods (January 10–20, March 1–23).-   Run Ad designated by Web Store during purchase of content.-   Run Ad with specific digital selection (music, text, video,) for    example:    -   a) Music Track of Madonna.    -   b) E-Book of War & Peace.    -   c) Video of Star Wars.    -   d) New Gameboy™ Video game.-   Player Control—allow/disallow end user control over display or    playback of advertisement.-   Allow printing of special offer/coupon after display or playback.-   Allow capability to send advertisement to another user or friend.    D. Audit Logs and Tracking

The Clearinghouse(s) 105 maintains a Audit Logs 150 of information foreach operation that is performed during Content 113 purchasetransactions and report request transactions. The information can beused for a variety of purposes such as audits of the Secure DigitalContent Electronic Distribution System 100, generation of reports, anddata mining.

The Clearinghouse(s) 105 also maintains account balances in BillingSubsystem 182 for the Electronic Digital Content Store(s) 103. Pricingstructures for the Electronic Digital Content Store(s) 103 is providedto the Clearinghouse(s) 105 by the digital content labels. Thisinformation can include things like current specials, volume discounts,and account deficit limits that need to be imposed on the ElectronicDigital Content Store(s) 103. The Clearinghouse(s) 105 uses the pricinginformation to track the balances of the Electronic Digital ContentStore(s) 103 and insure that they do not exceed their deficit limits setby the Content Provider(s) 101.

The following operations are typically logged by the Clearinghouse(s)105:

-   End-User Device(s) 109 requests for License SC(s) 660-   Credit card authorization number when the Clearinghouse(s) 105    handles the billing-   Dispersement of License SC(s) 660 to End-User Device(s) 109-   Requests for reports-   Notification from the End-User(s) that the Content SC(s) 630 and    License SC(s) 660 were received and validated

The following information is typically logged by the Clearinghouse(s)105 for a License SC(s) 660:

-   Date and time of the request-   Date and time of the purchase transaction-   Content ID of the item being purchased-   Identification of the Content Provider(s) 101-   Store Usage Conditions 519-   Watermarking instruction modifications-   Transaction ID 535 that was added by the Electronic Digital Content    Store(s) 103-   Identification of the Electronic Digital Content Store(s) 103-   Identification of the End-User Device(s) 109-   End-User(s) credit card information (if the Clearinghouse(s) 105 is    handling the billing)

The following information is typically logged by the Clearinghouse(s)105 for an End-User's credit card validation:

-   Date and time of the request-   Amount charged to the credit card-   Content ID of the item being purchased-   Transaction ID 535 that was added by the Electronic Digital Content    Store(s) 103-   Identification of the Electronic Digital Content Store(s) 103-   Identification of the End-User(s)-   End-User(s) credit card information-   Authorization number received from the clearer of the credit card

The following information is typically logged by the Clearinghouse(s)105 when a License SC(s) 660 is sent to an End-User Device(s) 109:

-   Date and time of the request-   Content ID of the item being purchased-   Identification of Content Provider(s) 101-   Usage Conditions 517-   Transaction ID 535 that was added by the Electronic Digital Content    Store(s) 103-   Identification of the Electronic Digital Content Store(s) 103-   Identification of the End-User(s)

The following information is typically logged when a report request ismade:

-   Date and time of the request-   Date and time the report was sent out-   Type of report being requested-   Parameters used to generate the report-   Identifier of the entity requesting the report    E. Reporting of Results

Reports are generated by the Clearinghouse(s) 105 using the informationthat the Clearinghouse(s) 105 logged during End-User(s) purchasetransactions. Content Provider(s) 101 and Electronic Digital ContentStore(s) 103 can request transaction reports from the Clearinghouse(s)105 via a Payment Verification Interface 183 so they can reconcile theirown transaction databases with the information logged by theClearinghouse(s) 105. The Clearinghouse(s) 105 can also provide periodicreports to the Content Provider(s) 101 and Electronic Digital ContentStore(s) 103.

The Clearinghouse(s) 105 defines a secure electronic interface whichallows Content Provider(s) 101 and Electronic Digital Content Store(s)103 to request and receive reports. The Report Request SC(s) includes acertificate that was assigned by the Clearinghouse(s) 105 to the entityinitiating the request. The Clearinghouse(s) 105 uses the certificateand the SC's digital signature to verify that the request originatedfrom an authorized entity. The request also includes parameters, such astime duration, that define the scope of the report. The Clearinghouse(s)105 validates the request parameters to insure that requesters can onlyreceive information for which they are permitted to have.

If the Clearinghouse(s) 105 determines that the Report Request SC(s) isauthentic and valid, then the Clearinghouse(s) 105 generates a reportand pack it into a Report SC(s) to be sent to the entity that initiatedthe request. Some reports maybe automatically generated at defined timeintervals and stored at the Clearinghouse(s) 105 so they can beimmediately sent when a request is received. The format of the dataincluded in the report is defined in a later version of this document.

F. Billing and Payment Verification

Billing of Content 113 can be handled either by the Clearinghouse(s) 105or by the Electronic Digital Content Store(s) 103. In the case where theClearinghouse(s) 105 handles the billing of the electronic Content 113,the Electronic Digital Content Store(s) 103 separates the End-User(s)'order into electronic goods and, if applicable, physical goods. TheElectronic Digital Content Store(s) 103 then, notifies theClearinghouse(s) 105 of the transaction, including the End-User(s)'billing information, and the total amount that needs to be authorized.The Clearinghouse(s) 105 authorizes the End-User(s)' credit card andreturns a notification back to the Electronic Digital Content Store(s)103. At the same time the Clearinghouse(s) 105 is authorizing theEnd-User(s)' credit card, the Electronic Digital Content Store(s) 103can charge the End-User(s)' credit card for any physical goods that arebeing purchased. After each electronic item is downloaded by theEnd-User Device(s) 109, the Clearinghouse(s) 105 is notified so theEnd-User(s)' credit card can be charged. This occurs as the last step bythe End-User Device(s) 109 before the Content 113 is enabled for use atthe End-User Device(s) 109.

In the case where the Electronic Digital Content Store(s) 103 handlesthe billing of the electronic Content 113, the Clearinghouse(s) 105 isnot notified about the transaction until the End-User Device(s) 109sends the Order SC(s) 650 to the Clearinghouse(s) 105. TheClearinghouse(s) 105 is still notified by the End-User Device(s) 109after each electronic item is downloaded. When the Clearinghouse(s) 105is notified it sends a notification to the Electronic Digital ContentStore(s) 103 so that the Electronic Digital Content Store(s) 103 cancharge the End-User(s)' credit card.

G. Retransmissions

The Secure Digital Content Electronic Distribution System 100 providesthe ability to handle retransmissions of Content 113. This is typicallyperformed by a Customer Service Interface 184. Electronic DigitalContent Store(s) 103 provides a user interface that the End-User(s) canstep through in order to initiate are transmission. The End-User(s) goesto the Electronic Digital Content Store(s) 103 site where the Content113 item was purchased in order to request a retransmission of theContent 113.

Retransmissions of Content 113 are done when an End-User(s) requests anew copy of a previously purchased Content 113 item because the Content113 could not be downloaded or the Content 113 that was downloaded isnot usable. The Electronic Digital Content Store(s) 103 determineswhether the End-User(s) is entitled to do a retransmission of theContent 113. If the End-User(s) is entitled to a retransmission, thenthe Electronic Digital Content Store(s) 103 builds a Transaction SC(s)640 that includes the Offer SC(s) 641 of the Content 113 item(s) beingretransmitted. The Transaction SC(s) 640 is sent to the End-UserDevice(s) 109 and the identical steps as for a purchase transaction areperformed by the End-User(s). If the End-User Device(s) 109 has ascrambled key(s) in the key library for the Content 113 item(s)undergoing retransmission, then the Transaction SC(s) 640 includesinformation that instructs the End-User Device(s) 109 to delete thescrambled key(s).

In the case where the Clearinghouse(s) 105 handles the financialsettlement of Content 113 purchases, the Electronic Digital ContentStore(s) 103 includes a flag in the Transaction SC(s) 640 that iscarried forward to the Clearinghouse(s) 105 in the Order SC(s) 650. TheClearinghouse(s) 105 interprets the flag in the Order SC(s) 650 andproceed with the transaction without charging the End-User(s) for thepurchase of the Content 113.

VIII. Content Provider

A. Overview

The Content Provider(s) 101 in the Secure Digital Content ElectronicDistribution System 100 is the digital content label or the entity whoowns the rights to the Content 113. The role of the Content Provider(s)101 is to prepare the Content 113 for distribution and make informationabout the Content 113 available to Electronic Digital Content Store(s)103 or retailers of the downloadable electronic versions of the Content113. To provide the utmost security and rights control to the ContentProvider(s) 101, a series of tools are provided to enable the ContentProvider(s) 101 to prepare and securely package their Content 113 intoSC(s) at their premises so that the Content 113 is secure when it leavesthe Content Provider(s)' 101 domain and never exposed or accessible byunauthorized parties. This allows Content 113 to be freely distributedthroughout a non-secure network, such as the Internet, without fear ofexposure to hackers or unauthorized parties.

The end goal of the tools for the Content Provider(s) 101 is to prepareand package a Content 113 such as a song or series of songs into ContentSC(s) 630 and to package information describing the song, approved usesof the song (content Usage Conditions 517), and promotional informationfor the song into a Metadata SC(s) 620. To accomplish this, thefollowing set of tools are provided:

-   Work Flow Manager 154—Schedules processing activities and manages    the required synchronization of processes.-   Content Processing Tools 155—A collection of tools to control    Content 113 file preparation including Watermarking, Preprocessing    (for an audio example any required equalization, dynamics    adjustment, or re-sampling) encoding and compression.-   Metadata Assimilation and Entry Tool 161—A collection of tools used    to gather Content 113 description information from the Database 160    of the Content Provider(s) and/or third party database or data    import files and/or via operator interaction and provides means for    specifying content Usage Conditions 517. Also provided is an    interface for capturing or extracting content such as digital audio    content for CDS or DDP files. A Quality Control Tool enables to    preview of prepared content and metadata. Any corrections needed to    the metadata or resubmission of the content for further processing    can be conducted.-   SC(s) Packer Tool 152—Encrypts and packages all Content 113 and    information and calls the SC(s) Packer to pack into SC(s).-   Content Dispersement Tool (not shown)—Disperses SC(s) to designated    distribution centers, such as Content Hosting Site(s) 111 and    Electronic Digital Content Store(s) 103.-   Content Promotions Web Site 156—stores Metadata SC(s) 620 and    optionally additional promotional material for download by    authorized Electronic Digital Content Store(s) 103.    B. Work Flow Manager 154

The purpose of this tool is to schedule, track, and manage Content 113processing activities. This application enables multi-user access aswell as allowing scheduling of Content 113 and status checking fromremote locations within the Intranet or extranet of the ContentProvider(s) 101. This design also allows for collaborative processingwhere multiple individuals can be working on multiple pieces of Content113 in parallel and different individuals can be assigned specificresponsibilities and these individuals can be spread throughout theworld.

Turning now to FIG. 8 is a block diagram of the major processes of theWork Flow Manager 154 corresponding to FIG. 7. The major processes inFIG. 8 summarizes the Content 113 processing functions provided by thetools described in this section. The Work Flow Manager 154 isresponsible for feeding jobs to these processes and directing jobs tothe next required process upon completion of its current process. Thisis accomplished through a series of Application Programming Interfaces(APIs) which each processing tool calls to:

-   retrieve the next job to process-   indicate successful completion of a process-   indicate unsuccessful completion of a process and reason for the    failure-   provide interim status of a process (to allow initiation of    processes that require only partial completion of a dependent    process)-   add comments to a product which are made available to the designated    processes

The Work Flow Manager 154 also has a user interface, an example WorkFlow Manager User Interface 700 is illustrated in FIG. 7 which providesthe following functions:

-   a configuration panel to allow specification of default values and    conditions to be assigned and performed during various stages of    processing-   customization of the work flow rules and automated processing flows-   job scheduling-   status queries and reports-   add comments or instructions for a job associated to one or more    processes job management (i.e. suspend, release, remove, change    priority (order of processing))

Each process has a queue associated with it managed by the Work FlowManager 154. All processes requesting jobs from the Work Flow Manager154 results in the Work Flow Manager 154 either suspending the process(tool) in await state if there are no jobs currently in its associatedqueue or returning to the process all information about the job neededto perform its respective process. If a process is suspended in a waitstate, it resumes processing when a job is placed on its queue by theWork Flow Manager 154.

The Work Flow Manager 154 also manages the flow or order of processingbased on a set of defined rules. These rules can be customized by theContent Provider(s) 101 if it has special processing requirements orconfigures specific defaults rules. When a process reports completion ofits assigned task, it notifies the Work Flow Manager 154 of this statusand the Work Flow Manager 154 decides what queue the job gets placed onnext based on the defined rules.

Comments indicating special handling instructions or notices may also beattached to the product at any of the processing steps via either theprogramming API or manually through the Work Flow Manager User Interface700 or processor interfaces.

The processes in the Work Flow Manager 154 are implemented in Java inthe preferred embodiment but other programming languages such as C/C++,Assembler and equivalent can be used. It should be understood that theprocesses described below for the Work Flow Manager 154 can run on avariety of hardware and software platforms. The Work Flow Manager 154 asa complete system or as any of it's constitute processes may bedistributed as an application program in a computer readable mediumincluding but not limited to electronic distribution such as the web oron floppy diskettes, CD ROMS and removable hard disk drives.

Turning now to FIG. 8 is a block diagram of the major processes of theWork Flow Manager 154 corresponding to FIG. 7. The following sectionssummarize each process and describes the information or action requiredby each process.

1. Products Awaiting Action/Information Process 801

Jobs are placed on specific processes queues once all informationrequired by that process is available and the job has alreadysuccessfully completed all dependent processing. A special queue existsin the Work Flow Manager 154 which is used to hold jobs that are notcurrently available for processing due to missing information or afailure that prevent further processing. These jobs are placed in theProducts Awaiting Action/Information Process 801 queue. Each job in thisqueue has associated status to indicate the action or information it iswaiting on, the last process that worked on this job, and the nextprocess(es) this job is queued to once the missing or additionalinformation is provided or the required action is successfullycompleted.

Completion of any process causes the Work Flow Manager 154 to check thisqueue and determine if any job in this queue was awaiting the completionof this process (action) or information provided by this process. If so,that job is queued to the appropriate process queue.

2. New Content Request Process 802

The Content Provider(s) 101 determines those products (for example, aproduct maybe a song or a collection of songs) it wishes to sell anddeliver electronically. The initial function of the Work Flow Manager154 is to enable an operator to identify these products and to placethem on the queue of the New Content Request Process 802. The ContentProvider(s) 101 may specify through configuration options, whatinformation is prompted for on the product selection interface. Enoughinformation is entered to uniquely identify the product. Optionally,additional fields maybe included to request manual entry of theinformation required to initiate the audio processing phase in parallelwith the metadata acquisition. If not provided manually, thisinformation can optionally be retrieved from default configurationsettings or from the Database 160 of the Content Provider(s), obtainedin the first stage of Metadata Processing as in Automatic MetadataAcquisition Process 803. The makeup and capabilities of the Content 113in the Database 160 of the Content Provider(s) determines the Contentselection process.

If the required information needed to perform a query to the Database160 of the Content Provider(s) 101 is specified, the job is processed bythe Automatic Metadata Acquisition Process 803. In a music embodiment,to properly schedule the product for audio processing, the product'sgenre and the desired compression levels are specified as well as theaudio PCM or WAV filename(s). This information maybe entered as part ofthe product selection process or selected via a customized queryinterface or Web browser function. Specification of this informationenables the product to be scheduled for content processing.

The product selection user interface provides an option enabling theoperator to specify whether the product can be released for processingor whether it are held pending further information entry. If held, thejob is added to the queue of the New Content Request Process 802awaiting further action to complete data entry and/or release theproduct for processing. Once the product is released, the Work FlowManager 154 evaluates the information specified and determines whichprocesses the job is ready to be passed to.

If adequate information is provided to enable an automated query to theDatabase 160 of the Content Provider(s)' 101, the job is queued forAutomatic Metadata Acquisition Process 803. If the database mappingtable has not been configured for the Automatic Metadata AcquisitionProcess 803, the job is queued for Manual Metadata Entry Process 804(see Automatic Metadata Acquisition Process 803 section for details onthe Database Mapping Table).

If the required general information for audio processing and thespecific information required for watermarking is specified, the job isqueued for Watermarking Process 808 (the first phase of contentprocessing). If any of the required information is missing when the jobis released, the job is queued to the queue of the Products AwaitingAction/Information Process 801 along with status indicating theinformation that is missing.

If the status indicates that the filename of the Content 113, forexample where the Content 113 is audio and the PCM or WAV file ismissing, this may indicate that a capture (or digital extraction fromdigital media) is required. The audio processing functions require thatthe song files be accessible via a standard file system interface. Ifthe songs are located on external media or a file system that is notdirectly accessible to the audio processing tools, the files are firstbe copied to an accessible file system. If the songs are in digitalformat but on CD or Digital Tape, they are extracted to a file systemaccessible to the audio processing tools. Once the files are accessible,the Work Flow Manager User Interface 700 is used to specify or selectthe path and filename for the job so that it can be released to thewatermarking process, assuming all other information required forwatermarking has also been specified.

3. Automatic Metadata Acquisition Process 803

The Automatic Metadata Acquisition Process 803 performs a series ofqueries to the Database 160 of the Content Provider(s) 101 or a stagingdatabase where data has been imported, in an attempt to obtain as muchof the product information as possible in an automated fashion. TheAutomatic Metadata Acquisition Process 803 requires the followinginformation prior to allowing items to be placed on its queue:

-   database mapping table with adequate information to generate queries    to the Database 160 of the Content Provider(s) 101-   product information required to perform queries-   adequate product information to uniquely define product

An automated query is performed to the Database 160 of the ContentProvider(s) 101 to obtain the information necessary to process thisContent 113. For example, if the Content 113 is music, the informationneeded to perform this query could be the album name or maybe a UPC or aspecific album or selection ID as defined by the Content Provider(s)101. Of the information to be obtained, some is designated as required(see the section on Automatic Metadata Acquisition Process 803 fordetails). If all required information is obtained, the job is nextqueued for Usage Conditions Process 805. If any required information ismissing, the song is queued for Manual Metadata Entry Process 804. Ifany jobs in the Products Awaiting Action/Information Process 801 queueare waiting for any of the information obtained in this step, the jobsstatus is updated to indicate that it is no longer waiting for thisinformation. If that job no longer has any outstanding requirements, itis queued to the next defined queue.

4. Manual Metadata Entry Process 804

The Manual Metadata Entry Process 804 provides a means for an operatorto enter missing information. It has no dependencies. Once all requiredinformation is specified, the job is queued for Usage Conditions Process805.

5. Usage Conditions Process 805

The Usage Conditions Process 805 allows specification of product usesand restrictions. The Usage Conditions Process 805 may require somemetadata. Upon completion of Usage Conditions specifications, the job iseligible to be queued for Metadata SC(s) Creation Process 807 unless theSupervised Release Process 806 option has been requested or isconfigured as the default in the Work Flow Manager 154 rules. In thatcase, the job is queued for Supervised Release Process 806. Beforequeuing to Metadata SC(s) Creation Process 807, the Work Flow Manager154 will first assure that all dependencies for that process have beenmet (see below). If not, the job is queued to the Products AwaitingAction/Information Process 801.

6. Supervised Release Process 806

The Supervised Release Process 806 allows a quality check and validationof information specified for the digital content product. It does nothave any dependencies. Comments previously attached to the job at anystage of the processing for this product can be reviewed by theSupervisor and appropriate action taken. After reviewing all informationand comments, the Supervisor has the following options:

-   approve release and queue the product for Metadata SC(s) Creation    Process 807-   modify and/or add information and queue the product for Metadata    SC(s) Creation Process 807-   add comments to the job and re-queue for Manual Metadata Entry    Process 804-   add comments and queue the job to the queue for Products Awaiting    Action/Information Process 801    7. Metadata SC(s) Creation Process 807

The Metadata SC(s) Creation Process 807 gathers together all theinformation collected above as well as other information required forthe Metadata SC(s) 620 and calls the SC(s) Packer Process to create theMetadata SC(s) 620. This tool requires the following as input:

-   the required metadata-   the usage conditions-   the encryption keys used in the encryption stage of all quality    levels for this product

This last dependency requires that the associated audio objectscompleted the audio processing phase before the Metadata SC(s) 620 canbe created. Upon completion of the Metadata SC(s) Creation Process 807,the job is queued to either the queue for Final Quality AssuranceProcess 813 or Content Dispersement Process 814 based on defined workflow rules.

8. Watermarking Process 808

The Watermarking Process 808 adds copyright and other information to theContent 113. For an embodiment where the Content 113 is a song, thistool requires the following as input:

-   song filename(s) (multiple filenames if album)-   watermarking instructions-   watermarking parameters (information to be included in the    watermark)

Upon completion of the Watermarking Process 808, the job is queued forPreprocessing and Compression Process 809 if its required input isavailable or otherwise queued to the Products AwaitingAction/Information Process 801.

9. Preprocessing and Compression Process 809

The Preprocessing and Compression Process 809 encodes the Content 113 tothe specified compression level performing any required preprocessingfirst. Queuing a job to this queue actually create multiple queueentries. A job is created for each compression level of the productdesired. The encoding processes can be performed in parallel on multiplesystems. This tool requires the following input:

-   watermarked content filename(s) (multiple filenames if Content 113    is an album)-   quality levels for product (could be preconfigured)-   compression algorithm (could be preconfigured)-   product genre (if required by preprocessor)

Upon completion of the encoding process, the jobs are queued to theContent Quality Control Process 810 if configured by the work flowrules. If not, the jobs are queued for Encryption Process 811.

If third party providers of encoding tools do not provide a method todisplay the percentage of the Content 113, such as audio, that has beenprocessed or a method to indicate the amount of Content 113 that hasbeen encoded as a percentage of the entire selection of Content 113selected, in FIG. 11 there is shown a flow diagram 1100 of a method todetermine the encoding rate of Digital Content for the ContentPreprocessing and Compression tool of FIG. 8. The method begins with theselection of the desired encoding algorithm and a bit rate, step 1101.Next, a query is made to determine if this algorithm and encoding ratehas a previously calculated rate factor, step 1102. The rate factor isthe factor used to determine the rate of compression for a specificencoding algorithm and a specific bit rate. If no previously calculatedrate factor is stored, a sample of the Content 113 is encoded for apredetermined amount of time. The predetermined period of time in thepreferred embodiment is a few seconds. This rate of encoding for apredetermined period of time is used to calculate anew rate factorR_(NEW). Calculating a new rate factor R_(NEW) knowing the amount oftime and the amount of Content 113 encoded is R_(NEW)=(length of DigitalContent encoded)/(amount of time), step 1108. The Content 113 is encodedand the encoding status is displayed using the previously calculate ratefactor R_(NEW), step 1109. This encoding rate factor R_(NEW) is thenstored, step 1107, for future use for this encoding algorithm andencoding bit rate. If the selected algorithm has a previously calculatedrate factor R_(STORED) step 1103. The Content 113 is encoded and theprogression displayed using the previously calculated rate factorR_(STORED), step 1104. In the meantime, a current rate factor,R_(current) is calculated for this selected algorithm and bit rate, step1105. This current rate factor R_(current) is used to update the storedrate factor R_(NEW)=AVERAGE OF (R_(STORED)+R_(CURRENT)), step 1106. Theiterative update of the rate factor enables the determination of theencoding rate to become more and more accurate with each subsequent usefor a particular encoding algorithm and bit rate. The new rate R_(NEW)is then stored for future use, step 1107. The updating of R_(STORED) maynot be made if the current rate factor R_(current) is out range for thepreviously stored rate factor R_(STORED) by a given range or threshold.

The display of the encoding status can then be presented. The encodingstatus includes along with the current encoding rate, the display of thepercentage of the total Content 113 displayed as a progression bar basedon the encoding rate and the total length of the file for the Content113. The encoding status can also include the time remaining for theencoding. The time remaining for the encoding can be calculated bydividing the encoding rate calculated R_(CURRENT) by the total length ofthe file for Content 113. The encoding status can be transferred toanother program that may invoke the calling process. This can helpsupervisory programs to encoding or co-dependent programs on encoding beoperated and be batched for processing more efficiently. It should beunderstood, in an alternative embodiment, that encoding can include thestep of watermarking.

10. Content Quality Control Process 810

The Content Quality Control Process 810 is similar in function to theSupervised Release Process 806. It is an optional step allowing someoneto validate the quality of the content processing performed thus far.This has no dependencies other than completion of the WatermarkingProcess 808 and the encoding portion of the Preprocessing andCompression Process 809. Upon completion of the Content Quality ControlProcess 810 the following options are available:

-   the jobs can be released and queued for Encryption Process 811.-   comments can be attached and one or more of the jobs re-queued for    Preprocessing and Compression Process 809.

The last option requires that the unencoded watermarked version of thesong file remain available until after Content Quality Control Process810.

11. Encryption Process 811

The Encryption Process 811 calls the appropriate Secure Digital ContentElectronic Distribution Rights Management function to encrypt each ofthe watermarked/encoded song files. This process has no dependenciesother than completion of all other audio processing. Upon completion ofthe Encryption Process 811 process, the job is queued for Content SC(s)Creation Process 812.

12. Content SC(s) Creation Process 812

The Content SC(s) Creation Process 812 Process may require some metadatafiles to be included in the Content SC(s) 630. If files other than theContent 113 are required, the files are gathered and the SC(s) PackerProcess is called to create a Content SC(s) 630 for each compressionlevel of the Content 113 (e.g. a song) created. Upon completion of theContent SC(s) Creation Process 812, the song is queued to either theFinal Quality Assurance Process 813 or Content Dispersement Process 814queue based on defined work flow rules.

13. Final Quality Assurance Process 813

Final Quality Assurance Process 813 is an optional step that allows across reference check between the associated Metadata and Content SC(s)630 to verify that they match up correctly and that all information andContent 113 contained therein are correct. Upon completion of FinalQuality Assurance Process 813, the jobs are queued for ContentDispersement Process 814. If a problem is found, the job in most caseshas to be re-queued to the failing stage. Rework at this stage is muchmore costly since the product has to go through re-encryption andrepacking in addition to the reprocessing required to correct theproblem. It is highly recommended that the prior assurance stages beused to assure the quality of the Content 113 and accuracy andcompleteness of the information.

14. Content Dispersement Process 814

The Content Dispersement Process 814 Process is responsible fortransferring the SC(s) to the appropriate hosting sites. After thesuccessful transfer of the SC(s), the job completion status is loggedand the job is deleted from the queue. If a problem occurs intransferring the SC(s), after a defined number of retries, the job isflagged in the Workflow Manager Tool 154 as having failed along with theerror encountered.

15. Work Flow Rules

The Work Flow Rules for FIG. 8 operate in three major systems asfollows:

-   A: Work Flow Manager Tool 154    -   1. New Content Request Process 802    -   2. Products Awaiting Action/Information Process 801    -   3. Final Quality Assurance Process 813    -   4. Content Dispersement (and Notification) Process 814-   B: Metadata Assimilation and Entry Tool 161    -   1. Automatic Metadata Acquisition Process 803    -   2. Manual Metadata Entry Process 804    -   3. Supervised Release Process 806    -   4. Metadata SC(s) Creation Process 807-   C: Content Processing Tools 155    -   1. Watermarking Process 808 (requires copyright data)    -   2. Preprocessing and Compression Process 809    -   3. Content Quality Control Process 810    -   4. Encryption Process 811    -   5. Content SC(s) Creation Process 812        Work Flow

The Content 113 selection operator inputs a new product and it startsout queued onto A1 (New Content Request Process 802).

-   A1: When the Content 113 selection operator releases it to the Work    Flow Manager Tool 154, then it gets queued onto B1 (the Automatic    Metadata Acquisition Process 803).-   A2: coming from step B1 (the Automatic Metadata Acquisition Process    803),    -   or step B2 (Manual Metadata Entry Process 804),    -   or step B3 (Supervised Release Process 806)    -   on its way to step Before (the Metadata SC(s) Creation Process        807)    -   [needs the encryption keys].-    coming from step Before (the Metadata SC(s) Creation Process 807)    -   on its way to either step A3 (the Final Quality Assurance        Process 813) or step A4 (the Content Dispersement Process 814)    -   [needs the Content SC(s) 630].-    coming from step C1 (the Watermarking Process 808)    -   on its way to step C2 (the Preprocessing and Compression Process        809)    -   [needs the metadata for Preprocessing and Compression Process        809].-    coming from step C4 (the Encryption Process 811)    -   on its way to step C5 (the Content SC(s) Creation Process 812)    -   [needs the metadata for Content SC(s) 630 Packing].-    coming from step C5 (the Content SC(s) Creation Process 812)    -   on its way to either step A3 (the Final Quality Assurance        Process 813) or step A4 (the Content Dispersement Process 814)    -   [needs the Metadata SC(s) 620].-   A3: After step A3 (the Final Quality Assurance Process 813),    -   place onto queue B2 (Manual Metadata Entry Process 804),    -   or place onto queue B3 (Supervised Release Process 806),    -   or place into queue as required by the quality assurance        operator.-   A4: After step A4 (Content Dispersement Process 814),    -   the Work Flow Manager Tool 154 is done for this product.-   B1: After step B1 (the Automatic Metadata Acquisition Process 803),    -   if the metadata needed for step C1 (the Watermarking Process        808) is present, then place an entry representing this product        onto queue C1.    -   (do the following logic also)    -   if either 1-any required metadata is missing, or 2-there are        comments directed to the manual metadata providers, then also        place the product onto queue B2 (Manual Metadata Entry Process        804),    -   else if supervised release was requested for this product, then        place the product onto queue B3 (Supervised Release Process        806).    -   else if the product has all the information from the Content        Processing Tools 155 for all of the requested quality levels,        then place the product onto queue Before (the Metadata SC(s)        Creation Process 807),    -   else flag the product as needs the encryption keys and place the        product onto queue A2 (Products Awaiting Action/Information        Process 801).-   B2: During step B2 (Manual Metadata Entry Process 804),    -   if step C1 (the Watermarking Process 808) has not been done and        the metadata needed for    -   step C1 is present, then place an entry representing this        product onto queue C1.    -   (do the following logic also)    -   if metadata needed for step C2 (the Preprocessing and        Compression Process 809) just been provided, then    -   (do the following logic also)    -   if all the metadata that can be gathered by the Metadata        Assimilation and Entry Tool 161 is present, then        -   if supervised release was requested for this product, then            place the product onto queue B3 (Supervised Release Process            806)        -   else            -   if all the information from step C4 (the Encryption                Process 811) of the Content Processing Tools 155 is                present, then place this product onto queue Before (the                Metadata SC(s) Creation Process 807)            -   else flag the product as needs the encryption keys and                place this product onto queue            -   A2 (Products Awaiting Action/Information Process 801).        -   else            -   if the metadata provider requested a forced supervised                release, then place the product onto queue B3                (Supervised Release Process 806)            -   else do nothing (keep the product on queue B2 (Manual                Metadata Entry Process 804)).-   B3: During step B3 (Supervised Release Process 806),    -   if this operator is sending the product back to step B2 (Manual        Metadata Entry Process 804), then place the product on queue B2.    -   else if this operator released the product, then        -   if all the information from step C4 (the Encryption Process            811) of the Content Processing Tools 155 is present, then            place this product onto queue Before (the Metadata SC(s)            Creation Process)        -   else flag the product as needs the encryption keys and place            this product onto queue A2 (Products Awaiting            Action/Information Process 801).    -   else the product remains on queue B3 (Supervised Release Process        806).-   Before: After step Before (the Metadata SC(s) Creation Process 807),    -   flag the product Metadata has been packed.    -   if all the (product/quality level) tuples have been packed, then        -   if the Content Provider(s)' 101 configuration specifies            Quality Assure the SC(s), then place this product onto queue            A3 (the Final Quality Assurance Process 813)        -   else place this product onto queue A4 (the Content            Dispersement Process 814).    -   else flag the product as needs the Content 113 SC(s) and place        this product onto queue A2 (Products Awaiting Action/Information        Process 801).-   C1: After step C1 (the Watermarking Process 808),    -   if the metadata needed for step C2 (the Preprocessing and        Compression Process 809) is present, then create an entry for        each (product/quality level) tuple and place them onto queue C2,    -   else flag the product as needs the metadata for        Preprocessing/Compression and place this product onto queue A2        (Products Awaiting Action/Information Process 801).-   C2: After step C2 (the Preprocessing and Compression Process 809),    -   if the Content Provider(s)' 101 configuration specifies Content        Quality Control Process 810, then place this (product/quality        level) tuple onto queue C3 (the Content Quality Control Process        810),    -   else place this (product/quality level) tuple onto queue C4 (the        Encryption Process 811).-   C3: After step C3 (the Content Quality Control Process 810), then    place this (product/quality level) tuple onto queue C4 (the    Encryption Process 811).-   C4: After step C4 (the Encryption Process 811),    -   provide the needed information (i.e., the Symmetric Key 623        generated by the Process and used to encipher the Content 113)        to the Metadata Assimilation and Entry Tool 161.    -   if all the metadata that's required for the Content SC(s) 630 is        present, then place this (product/quality level) tuple onto        queue C5 (the Content SC(s) CreationProcess 812),    -   else flag the product as needs the metadata for Content SC(s)        630 Packing and place this (product/quality level) tuple onto A2        (Products Awaiting Action/Information Process 801).-   C5: After step C5 (the Content SC(s) Creation Process 812),    -   flag the quality level the Content 113 at this quality level has        been packed.    -   if all the (product/quality level) tuples have been packed, then        -   if the product is flagged Metadata has been packed, then            -   if the Content Provider(s)' 101 configuration specifies                Quality Assure the SC(s),                -   then place this product onto queue A3 (the Final                    Quality Assurance Process 813)            -   else place this product onto queue A4 (the Content                Dispersement Process 814)        -   else flag the product as needs the Metadata SC(s) 620 and            place this product onto queue A2 (Products Awaiting            Action/Information Process 801).    -   else (all the (product/quality level) tuples have not been        packed) do nothing (another (product/quality level) tuple        triggers an action).        C. Metadata Assimilation and Entry Tool

Metadata consists of the data describing the Content 113 for example inmusic, title of the recording, artist, author/composer, producer andlength of recording. The following description is based upon Content 113being music but it should be understood by those skilled in the art thatother content types e.g., video, programs, multimedia, movies, andequivalent, are within the true scope and meaning of the presentinvention.

This Subsystem brings together the data the Content Provider(s) 101provides to the Electronic Digital Content Store(s) 103 to help promotethe sale of the product (e.g., for music, sample clips by this artist,history of this artist, list of albums on which this recording appears,genres associated with this artist and/or product), the data the ContentProvider(s) 101 provides to the End-User(s) with the purchased product(e.g., artist, producer, album cover, track length), and the differentpurchase options (the Usage Conditions 517) the Content Provider(s) 101wants to offer the End-User(s). The data is packaged into a MetadataSC(s) 620 and made available to the Electronic Digital Content Store(s)103. To accomplish this, the following tools are provided:

-   Automatic Metadata Acquisition Tool-   Manual Metadata Entry Tool-   Usage Conditions Tool-   Supervised Release Tool

These tools enable Content Provider(s) 101 to implement the processesdescribed above for Work Flow Manager 154. Tools described here are atoolkit based on Java in the preferred embodiment but other programminglanguages such as C/C++, Assembler and equivalent can be used.

1. Automatic Metadata Acquisition Tool

The Automatic Metadata Acquisition Tool provides a user the ability toimplement the Automatic Metadata Acquisition Process 803 describedabove. The Automatic Metadata Acquisition Tool is used to access theDatabase 160 of the Content Provider(s) 101 and to retrieve as much dataas possible without operator assistance. Configuration methods areavailable to automate this process. The Content Provider(s) 101 cantailor the default metadata template to identify the types of data thisContent Provider(s) 101 wants to provide to End-User(s) (e.g., composer,producer, sidemen, track length) and the types of promotional data theContent Provider(s) 101 provides to the Electronic Digital ContentStore(s) 103 (e.g., for a music example, sample clips by this artist, ahistory of this artist, the list of albums on which this recordingappears, genres associated with this artist). The default metadatatemplate includes data fields which are required by the End-UserDevice(s) 109, data fields which can be optionally provided to theEnd-User Device(s) 109 and a sample set of data fields, targeted to theElectronic Digital Content Store(s) 103, that promote the artist, album,and/or single.

To extract the template data fields from the Database 160 of the ContentProvider(s) 101 the Automatic Metadata Acquisition Tool uses a tablethat maps the type of data (e.g., composer, producer, a biography of theartist) to the location within the database where the data can be found.Each of the Content Provider(s) 101 help specify that mapping table fortheir environment.

The Automatic Metadata Acquisition Tool uses a metadata template of theContent Provider(s) 101 and mapping table to acquire whatever data isavailable from the Databases 160 of the Content Provider(s) 101. Thestatus of each product is updated with the result of the AutomaticMetadata Acquisition Process 803. A product which is missing anyrequired data is queued for Manual Metadata Entry Process 804, otherwiseit is available for packing into a Metadata SC(s) 620.

2. Manual Metadata Entry Tool

The Manual Metadata Entry Tool provides a user the ability to implementthe Manual Metadata Entry Process 804 described above. The ManualMetadata Entry Tool allows any properly authorized operator to providethe missing data. If the operator determines that the missing data isunavailable, the operator can attach a comment to the product andrequest supervised release. The Content Provider(s) 101 may require, forquality assurance reasons, that the product undergo supervised release.Once all the required data is present, and if supervised release has notbeen requested, then the product is available for packing into aMetadata SC(s) 620.

3. Usage Conditions Tool

The Usage Conditions Tool provides a user the ability to implement theUsage Conditions Process 805 described above. The process of offeringContent 113 for sale or rent (limited use), using electronic delivery,involves a series of business decisions. The Content Provider(s) 101decides at which compression level(s) the Content 113 is made available.Then for each compressed encoded version of the Content 113, one or moreusage conditions are specified. Each usage condition defines the rightsof the End-User(s), and any restrictions on the End-User(s), with regardto the use of the Content 113.

As part of Content Processing Tools 155, a set of usage conditions(End-User(s) rights and restrictions) is attached to the product.

A usage condition defines:

-   1. the compression encoded version of the Content 113 to which this    usage condition applies.-   2. the type of user covered by this usage condition (e.g., business,    private consumer)-   3. whether this usage condition allows for the purchase or the    rental of the Content 113. For a rental transaction:    -   the measurement unit which is used to limit the term of the        rental (e.g., days, plays).    -   the number of the above units after which the Content 113 will        no longer play.-    For a purchase transaction:    -   the number of playable copies the End-User(s) is allowed to        make.    -   onto what kinds of media can he/she make those copies (e.g.,        CD-Recordable (CD-R), MiniDisc, Personal Computer).-   4. the period of time during which the purchase/rental transaction    is allowed to occur (i.e., an End-User(s) can purchase/rent under    the terms of this usage condition only after the beginning    availability date and before the last date of availability).-   5. the countries from which an End-User(s) can transact this    purchase (or rental).-   6. the price of the purchase/rental transaction under this usage    condition-   7. the watermarking parameters.-   8. the types of events which require notification of the    Clearinghouse(s) 105.    An Example of a Set of Usage Conditions

The Content Provider(s) 101 may decide to test the North Americanmarket's acceptance to the re-release of the children's song by apopular children's vocalist during the fourth quarter 1997. The testwill make the song available in two different compression encodingversions: 384 Kbps and 56 Kbps. The 384 Kbps version can be bought (andone copy made onto MiniDisc) or rented(for two weeks), while the 56 Kbpsversion can only be bought (and no copies made). The watermarkinginstructions is the same for any purchase/rental, and the ContentProvider(s) 101 wants the Clearinghouse(s) 105 to count every copy made.This would create Usage Conditions as follows:

Usage Condition 1 Usage Condition 2 Usage Condition 3 compressed encodedversion 384 Kbps 384 Kbs 56 Kbps type of user private consumer privateconsumer private consumer type of transaction purchase rental purchaseavailability dates 1 Oct. 1997–31 Dec. 1997 1 Oct. 1997–31 Dec. 1997 1Oct. 1997–31 Dec. 1997 countries USA and Canada USA and Canada USA andCanada watermarking std. std. std. notifying events copy action nonenone number of copies 1 0 0 onto what media MiniDisc not applicable notapplicable term of rental not applicable 14 days not applicable pricePrice 1 Price 2 Price 34. Parts of the Metadata SC(s) 620

Below are some of the kinds of data that the Metadata Assimilation andEntry Tool 161 gathers for inclusion into the Metadata SC(s) 620. Anattempt has been made to group the data into SC(s) parts by function anddestination.

product ID [src:content provider;] [dest: everybody;] licensor labelcompany [dest: EMS; end-user;] licensee label company [dest: EMS;end-user;] source (publisher) of this object (sublicensee label company)[dest: everybody;] type of object (i.e., a single object or an array ofobjects) object ID [dest: everybody;] International Standard RecordingCode (ISRC) International Standard Music Number (ISMN)

-   usage conditions (src: content provider; dest: EMS, end-user,    Clearinghouse(s) 105)-   purchased usage conditions (src: EMS; dest: end-user,    Clearinghouse(s) 105)    -   the set of usage conditions (consumer restrictions and rights)        for the use of the object (sound recording)    -   an individual entry in the array of usage conditions        -   the compression encoded version of the Content 113 to which            this usage condition applies        -   whether this usage condition allows for the purchase or the            rental of the Content 113 for a rental transaction:            -   the measurement unit which is used to limit the term of                the rental (e.g., days, plays).            -   the number of the above units after which the Content                113 will no longer play.        -    for a purchase transaction:            -   the number of playable copies the End-User(s) is allowed                to make.            -   onto what kinds of media can (s)he make those copies                (e.g., CD-Recordable (CD-R), MiniDisc, personal                computer).        -   the period of time during which the purchase/rental            transaction is allowed to occur (i.e., an End-User(s) can            purchase/rent under the terms of this usage condition only            after the beginning availability date and before the last            date of availability)        -   a pointer to the countries from which an End-User(s) can            transact this purchase (or rental)        -   the price of the purchase/rental transaction under this            usage condition        -   a pointer to the encrypted watermarking instructions and            parameters        -   a pointer to the types of events which require notification            of the Clearinghouse(s) 105-   purchase data (encrypted; optional info; src: EMS; dest: end-user,    Clearinghouse(s) 105)    -   purchase date    -   purchase price    -   bill to name and address    -   consumer name and address    -   country of the consumer (best guess)

metadata 1 (src: content provider; dest: EMS, end-user) an array of {copyright information for the composition for the sound recording titleof song principal artist(s) } a pointer to { the artwork (e.g., albumcover); the format of the artwork (e.g., GIF, JPEG); } optional info: anarray of additional information { composer publisher producer sidemendate of recording date of release lyrics track name (description)/tracklength list of albums on which this recording appears genre(s) }metadata 2 (src: content provider; dest: EMS) an array of structures,each representing different quality levels of the same sound recording {the sound recording; the quality level of the sound recording; the size(in bytes) of the (probably compressed) sound recording; } metadata 3(src: content provider; dest: EMS, end-user) optional info: promotionalmaterial: a pointer to artist promotion material { a URL to the artist'sweb site; background description(s) of the artist(s); artist-relatedinterviews (along with format of the interview (e.g., text, audio,video)); reviews (along with format of the reviews (e.g., text, audio,video)); sample clips (and its format and compression level); recent andupcoming concerts/appearances/events —their dates and locations; } apointer to album promotion material { sample clip (and its format andcompression level); background description(s) of the producer, and/orthe composer, and/or the movie/play/cast, and/or the making of thealbum, etc.; non-artist-related interviews (along with format of theinterview (e.g., text, audio, video)); reviews (along with format of thereviews (e.g., text, audio, video)); genre(s); } single promotions:sample clip (and its format and compression level) backgrounddescription(s) of the producer, and/or the composer, and/or themovie/play/cast, and/or the making of the single, etc. reviews (alongwith format of the reviews (e.g., text, audio, video))

Described now is the embodiment where the distribution over a particulargeographic region using a global telecommunications infrastructure suchas the Internet. Content Provider(s) 101 utilize tools described in theWork Flow Manager to prepare their Content 113. As part of thispreparation, the Content Provider(s) 101 specify rights in the UsageConditions 517 that are assigned to the Content 113 when an end userusing an End User Device(s) 109 purchases the Content 113. Included inthis information is the Geographic Regions, specified as the 2 digitcountry code from standard ISO 3116, in which this Content can be sold.

As well as specifying which countries the Content 113 can be sold in,the Content Provider(s) 101 can specify which of the following testsshould be performed to verify the country the location of purchaserusing the End User Device(s) 109:

-   1. Address—During Credit Card Clearing, an Address Verification    System (AVS) check can be obtained. If this test is specified, the    country returned by the AVS will be checked against the list of    countries in which the content owner specifies the content can be    sold.-   2. IP—Verify that the IP address the consumer is using to attach to    the Internet to initiate the sale is in a country specified as one    in which the content can be sold.-   3. IP Check—Verify that the IP address used to request a License SC    660 from the Clearinghouse(s) 105 is the same IP address that was    used to initiate the sale. As end users could disconnect from the    Internet between placing their order and fulfilling their order,    this check can be specified to verify that the end user is still    utilizing the same Internet connection to fulfill their order. As    well, an end user could receive a Transaction SC 640 from an    Electronic Digital Content Store and forward the Transaction SC 640    on to a friend in another country and allow the friend to attempt to    complete the download.-   All—Perform all of the above (1,2 &3) tests.-   Any—At least one of the above (1, 2 or 3) must pass.-   None—Do not perform any country checking.    The first 2 tests are performed at the Electronic Digital Content    Store(s) 103 while the 3rd test will be performed at the    Clearinghouse(s) 105.

The Content Provider(s) 101 owner specifies which tests to perform byadding a Verify Tag 2002 (as described in FIG. 20) to the UsageConditions 517. In the embodiment where advertisement is targeted tocertain geographic regions, the Geographic Advertisement UsageConditions 2006 are also set by the Content Provider(s) or advertisingaffiliates of the Content Provider(s) 101.

5. Supervised Release Tool

Supervised Release Tool provides a user the ability to implement theSupervised Release Process 806 described above. An individual designatedby the Content Provider(s) 101 as having supervised release authority,may call up a product awaiting supervised release (i.e., a product onthe queue of the Supervised Release Process 806), examine its Contents113 and its accompanying comments, and either

-   -   approve its Contents 113 and release the product for packing        into a Metadata SC(s) 620, or make any necessary corrections and        release the product for packing into a Metadata SC(s) 620 or    -   add a comment specifying the corrective action to take and        resubmit the product to the Manual

Metadata Entry Process 704

In another embodiment, after the creation of the SC(s), there is anotheroptional quality assurance step where the Content 113 of the SC(s) canbe opened and examined for completeness and accuracy, and, at that time,final approval can be given or denied for the product's release to theretail channel.

D. Content Processing Tools

The Content Processing Tools 155 is actually a collection of softwaretools which are used to process the digital content file to createwatermarked, encoded, and encrypted copies of the content. The toolsmakes use of industry standard digital content processing tools to allowpluggable replacement of watermarking, encoding and encryptiontechnologies as they evolve. If the selected industry tool can be loadedvia a command line system call interface and passed parameters orprovides a toolkit wherein functions can be called via a DLL interface,the content processing can be automated to some degree. A front endapplication to each tool queries the appropriate queue in the ContentProcessing Tools 155 for the next available job, retrieves the requiredfiles and parameters and then loads the industry standard contentprocessing tool to perform the required function. Upon completion of thetask, manual update to the queue may be required if the tool does notreport terminating status.

A generic version of the Content Processing Tools 155 is described, butcustomization is possible. The Content Processing Tools 155 can bewritten in Java, C/C++ or any equivalent software. The ContentProcessing Tools 155 can be delivered by any computer readable meansincluding diskettes, CDS or via a Web site.

1. Watermarking Tool

The Watermarking Tool provides a user the ability to implement theWatermarking Process 808 as described above. This tool applies copyrightinformation of the Content 113 owner to the song file using audioWatermarking technology. The actual information to be written out isdetermined by the Content Provider(s) 101 and the specific watermarkingtechnology selected. This information is available to the front endWatermarking Tool so that it can properly pass this information to thewatermarking function. This imposes a synchronization requirement on theMetadata Assimilation and Entry Tool 161 to assure that it has acquiredthis information prior to, for example, allowing the song's audio fileto be processed. This song will not be available for audio processinguntil the watermarking information has been obtained.

The watermark is applied as the first step in audio processing since itis common to all encodings of the song created. As long as the watermarkcan survive the encoding technology, the watermarking process need onlyoccur once per song.

Various watermarking technologies are known and commercially available.The front end Watermarking Tool though is capable of supporting avariety of industry Watermarking Tools.

2. Preprocessing and Compression Tool

The Preprocessing and Compression Tool provides a user the ability toimplement the Preprocessing and Compression Process 809 as describedabove. Audio encoding involves two processes. Encoding is basically theapplication of a lossy compression algorithm against, for a musiccontent example, a PCM audio stream. The encoder can usually be tuned togenerate various playback bit stream rates based on the level of audioquality required. Higher quality results in larger file sizes and sincethe file sizes can become quite large for high quality Content 113,download times for high quality Content 113 can become lengthy andsometimes prohibitive on standard 28,800 bps modems.

The Content Provider(s) 101 may, therefore, choose to offer a variety ofdigital content qualities for download to appease both the impatient andlow bandwidth customers who don t want to wait hours for a download andthe audiophile or high bandwidth customers who either only buys highquality Content 113 or has a higher speed connection.

Compression algorithms vary in their techniques to generate lower bitrate reproductions of Content 113. The techniques vary both by algorithm(i.e. MPEG, AC3, ATRAC) and by levels of compression. To achieve higherlevels of compression, typically the data is re-sampled at lowersampling rates prior to being delivered to the compression algorithm. Toallow for more efficient compression with less loss of fidelity or toprevent drastic dropout of some frequency ranges, the digital contentmay sometimes require adjustments to equalization levels of certainfrequencies or adjustments to the dynamics of the recording. The contentpreprocessing requirements are directly related to the compressionalgorithm and the level of compression required. In some cases, thestyle of Content 113 (e.g. musical genre) can be successfully used as abase for determining preprocessing requirements since songs from thesame genre typically have similar dynamics. With some compression tools,these preprocessing functions are part of the encoding process. Withothers, the desired preprocessing is performed prior to the compression.

Besides the downloadable audio file for sale, each song also has a LowBit Rate (LBR) encoded clip to allow the song to be sampled via a LBRstreaming protocol. This LBR encoding is also the responsibility of theContent Processing Tools 155. This clip is either provided by theContent Provider(s) 101 as a separate PCM file or as parameters ofoffset and length.

As with watermarking, it is hoped that the encoding tools can be loadedvia a DLL or command line system call interface and passed all therequired parameters for preprocessing and compression. The front endEncoding Tool may have a synchronization requirement with the MetadataAssimilation and Entry Tool 161, for example if the content is music,and if it is determined that the song's genre is acquired from theDatabase 160 of the Content Provider(s) prior to performing any audiopreprocessing. This depends on the encoding tools selected and howindeterminate the genre for the song is. If the Content Provider(s) 101varies the choice of encoded quality levels per song, this informationis also be provided prior to the encoding step and agrees with themetadata being generated by the Metadata Assimilation and Entry Tool161.

A variety of high quality encoding algorithms and tools are known today.The front end Encoding Tool though is capable of supporting a variety ofindustry encoding tools.

Turning now to FIG. 12 is shown a flow diagram of one embodiment for theAutomatic Metadata Acquisition Tool of FIG. 8 according to the presentinvention. The process starts with reading an identifier from the mediathe Content Provider(s) 101 is examining. One example of content in anaudio CD embodiment. In an audio CD embodiment, the following codesmaybe available Universal Price Code (UPC), International StandardRecording Code (ISRC), International Standard Music Number (ISMN). Thisidentifier is read in the appropriate player for the content, forexample an audio CD Player for audio CD, DVD player for DVD movie, DATrecorder for DAT recording and equivalent, step 1201. Next thisIdentifier is used to index a Database 160 for the Content Provider(s)101, step 1202. Some or all of the information required by the Work FlowManager Process as described in FIG. 8 is retrieved in Database 160 andany other related sources, step 1203. This information can include theContent 113 and the metadata related to it. In step 1204, the additionalinformation retrieved is used to start the Work Flow Manager 154 forcreating electronic Content 113. It should be understood, that severalselections of media, such as several audio CDS, can be queued up so asto enable the Automatic Metadata Acquisition Tool to create a series ofContent 113 for electronic distribution. For example, all the Content113 could be created from a series of CDS or even selected tracks fromone or more CDS examined by the Content Provider(s) 101.

In an alternate embodiment, the preprocessing parameters can be retrievefrom the Database 160 of the Content Provider(s) automatically.Referring now to FIG. 13 is a flow diagram of a method to automaticallyset the Preprocessing and Compression parameters of the Preprocessingand Compression Tool of FIG. 8 according to the present invention. Inthis embodiment. the Content 113 is music. In step 1301, music (Content113) is selected to be encoded in Content Processing Tools 155. Thegenre of the music selected is determined, step 1302. This can beentered manually or by using other meta data available, such as theadditional data retrieved from the process described in FIG. 12. Theaudio compression level and audio compression algorithms selected arethan examined, step 1303. Next, a lookup is made by genre, compressionsettings and compression algorithms of what compression parametersshould be used in the Preprocessing and Compression Process 809, 1304.

3. Content Quality Control Tool

The Content Quality Control Tool provides a user the ability toimplement the Content Quality Control Process 810 as described above.This is an optional Content Processing Tool and provides an opportunityfor a quality control technician to review the encoded and watermarkedcontent files and approve or reject the content files based on qualityjudgments. He can re-encode the content making manual preprocessingadjustments until the quality is adequate or can flag the song forreprocessing and attach a note describing the problem.

This process step can be configured by the Content Provider(s) 101 as anoptional or required step of the content processing work flow. Anadditional optional Final Quality Assurance Process 813 step is providedafter packaging of all the SC(s) for this content (e.g. each SC(s) forsongs on a CD) at which time the quality of the content encoding can betested but catching a problem early prior to encryption and packagingallows for more efficient content processing. It is, therefore, highlydesirable that the content quality be assured at this step as opposed towaiting until final completion of all processing.

4. Encryption Tool

The Encryption Tool provides a user the ability to implement theEncryption Process 811 as described above. Content encryption is thefinal step of the Content Processing Tools 155. Each of the versions ofthe content that were created by the Encoding Tool is now encrypted. Theencryption tool is a function of the SC(s) Packer. The SC(s) Packer iscalled to encrypt the song and returns the generated encryption keyused. This key is later passed into the SC(s) Packer for use in creationof the Metadata SC(s) 620.

E. Content SC(s) Creation Tool

Once all metadata has been gathered the Content SC(s) Creation Toolgroups the metadata into categories based on their intended use. Thesegroups of metadata are written into files to be passed in to the SC(s)Packer Tool as Metadata parts for the Metadata SC(s) 620. Each part(file) has unique processing requirements. Once the associated songshave been processed and encrypted and the target destination (URL ofContent Hosting Site(s) 111) has been determined, the Content SC(s) 630for the Content 113 are ready to be created. The Content 113 which havecompleted processing and have met all the requirements described above,are queued for packing in the packer queue of the Work Flow Manager 154.

The Content SC(s) Creation Tool now retrieves all the required filescreated by the previous steps of the Metadata Assimilation and EntryTool 161 and calls the SC(s) Packer functions to create the MetadataSC(s) 620 and Content SC(s) 630. This process creates a single MetadataSC(s) 620 and multiple Content SC(s) 630 for each song. For example, ifthe content is music, each of the audio files created during audioprocessing for the various quality levels of the full song is packedinto separate Content SC(s) 630. The audio file created for the sampleclip is passed as a metadata file to be included in the Metadata SC(s)620.

F. Final Quality Assurance Tool

The Final Quality Assurance Tool provides a user the ability toimplement the Final Quality Assurance Process 813 as described above.Once all the SC(s) have been built for a content file, the content isavailable for a final quality assurance check. Quality assurance can beperformed at various stages of the Content 113 preparation process. TheContent Provider(s) 101 can choose to perform quality assurance as eachmajor step is completed to prevent excessive rework later or may chooseto wait until all audio preparation processes are complete and performquality assurance on everything at once. If the latter is chosen,quality assurance is performed at this point upon completion of thecreation of the SC(s). This tool allows each SC(s) for the song to beopened, examined, and the audio played.

Any problem discovered, even minor text changes requires that the SC(s)be rebuilt due to internal security features of SC(s). To avoidunnecessary re-processing time, it is highly recommended that theinterim quality assurance steps be utilized to assure accuracy of themetadata and that this specific quality assurance step be reserved forvalidating appropriate cross references between the SC(s) associatedwith this song. If problems are found, the assurer can enter a problemdescription to be attached to the song and have it re-queued to theappropriate processing queue for reprocessing. Status is updatedappropriately in the Work Flow Manager 154 to indicate the status of allrelated components of the song. If no problems are discovered, theContent 113 is marked or flagged as ready for release.

G. Content Dispersement Tool

The Content Dispersement Tool provides a user the ability to implementthe Content Dispersement Process 814 as described above. Once theContent 113 has been approved for release, the SC(s) for the Content 113are placed in the queue of the Content Dispersement Process. The ContentDispersement Tool monitors the queue and performs immediate transfer ofthe SC(s) files or batch transfer of a group of SC(s) files based on theconfiguration settings provided by the Content Provider(s) 101. TheContent Provider(s) 101 can also optionally configure the ContentDispersement Tool to automatically hold all SC(s) in this queue untilthey are manually flagged for release. This allows the ContentProvider(s) 101 to prepare content in advance of their scheduled releasedate and hold them until they wish to release them e.g., anew song,movie or game. The SC(s) can also control access to Content 113 based ona defined release date so there is no requirement for the ContentProvider(s) 101 to actually hold up delivery of the SC(s) but thismanual release option can still be used for this purpose or used tomanage network bandwidth required to transfer these large files.

When flagged for release, the Content SC(s) 630 for the Content 113 aretransferred via FTP to the designated Content Hosting Site(s) 111. TheMetadata SC(s) 620 is transferred via FTP to the Content Promotions WebSite 156. Here the SC(s) are staged to anew Content 113 directory untilthey can be processed and integrated into the Content Promotions WebSite 156.

FIG. 17 is a flow diagram of an alternate embodiment to automaticallyretrieve additional information for the Automatic Metadata AcquisitionTool of FIG. 8 according to the present invention. The process issimilar for that described in FIG. 8 above. However, the quality checksof Supervised Release 806 and Content Quality Control 809 are combinedinto one quality check called Quality Control 1704. Performing qualitychecks prior to Metadata SC Creation 807 and Content SC Creation 812.Performing quality check prior to SC creation, eliminates the steps ofunpacking the Content 113 and the associated Metadata SC(s) 620. Inaddition, in this embodiment, the queue of Products AwaitingAction/Information 801 have been eliminated. The jobs are placed on thespecific process queues depending on what action is being requested. Forexample, if the job requires Manual Metadata, i.e. additional Metadatato be entered, the job is place on the Manual Metadata entry queue. Alsothe Automatic Metadata Acquisition 803 has been merged with New ContentRequest to occur up front prior to the Metadata Assimilation and EntryTool 161 and the Content Processing Tool 155. Finally, it is importantto point out that the Usage Conditions 804 are entered both at theAutomatic Metadata Acquisition 803 and during the Manual Metadata Entry803. Since, many of the usage conditions can be automatically filled-induring the Automatic Metadata Acquisition 803 step.

H. Content Promotions Web Site

To most effectively disperse information on what the Content Provider(s)101 is making available for sale via digital download, and to get thenecessary files to the Electronic Digital Content Store(s) 103 to enableit to make this Content 113 available for download to its customers,each Content Provider(s) 101 should have a secure web site housing thisinformation. This is similar to the method used today by some ContentProvider(s) 101 to make promotional content available to their retailersand others with a need for this information. In the case where this typeof service already exists, an additional section can be added to the website where Electronic Digital Content Store(s) 103 can go to see a listof the content available for sale via download.

The Content Provider(s) 101 has complete control over the design andlayout of this site or can choose to use a turnkey web server solutionprovided as part of the toolkit for Secure Digital Content ElectronicDistribution System 100. To implement their own design for this service,the Content Provider(s) 101 need only provide links to the MetadataSC(s) 620 for Electronic Digital Content Store(s) 103 who access theirsite. This is accomplished using the toolkit for the Secure DigitalContent Electronic Distribution System 100. The selection process andwhat information is shown is the discretion of the Content Provider(s)101.

Metadata SC(s) 620 received into a new content directory via FTP fromthe Content Dispersement Tool is processed by the Content Promotions WebSite 156. These containers can be opened with the SC(s) Preview Tool todisplay or extract information from the container. This information canthen be used to update HTML Web pages and/or add information to asearchable database maintained by this service. The SC(s) Preview Toolis actually a subset of the Content Acquisition Tool used by theElectronic Digital Content Store(s) 103 to open and process MetadataSC(s) 620. See the Content Acquisition Tool section for more details.The Metadata SC(s) 620 file should then be moved to a permanentdirectory maintained by the Content Promotions Web Site 156.

Once the Metadata SC(s) 620 has been integrated into the ContentPromotions Web Site 156, its availability is publicized. The ContentProvider(s) 101 can send a notification to all subscribing ElectronicDigital Content Store(s) 103 as each new Metadata SC(s) 620 is added tothe site or can perform a single notification daily (or any definedperiodicity) of all Metadata SC(s) 620 added that day (or period). Thisnotification is performed via a standard HTTP exchange with theElectronic Digital Content Store(s) 103 Web Server by sending a definedCGI string containing parameters referencing the Metadata SC(s) 620added. This message is handled by the Notification Interface Module ofthe Electronic Digital Content Store(s) 103 which is described later.

I. Content Hosting

The Entertainment Industry produces thousands of content titles, such asCDS, movies and games every year, adding to the tens of thousands ofcontent titles that are currently available. The Secure Digital ContentElectronic Distribution System 100 is designed to support all of thecontent titles available in stores today.

The numbers of content titles that the Secure Digital Content ElectronicDistribution System 100 may eventually download to customers on a dailybasis is in the thousands or tens of thousands. For a large number oftitles, this requires a large amount of bandwidth. The computer diskspace and bandwidth needs call for a distributed, scalableimplementation with multiple Content Hosting Site(s) 111. The systemalso supports customers all over the world. This requires overseas sitesto speed delivery to the global customers.

Content hosting on the Secure Digital Content Electronic DistributionSystem 100 is designed to allow the Content Provider(s) 101 to eitherhost their own Content 113 or share a common facility or a set offacilities.

Content hosting on the Secure Digital Content Electronic DistributionSystem 100 consists of multiple Content Hosting Site(s) 111 thatcollectively contain all of the Content 113 offered by the SecureDigital Content Electronic Distribution System 100 and several SecondaryContent Sites (not shown) that contain the current hot hits offered bythe Content Provider(s) 101. The number of Content Hosting Site(s) 111changes depending on the number of End-User(s) using the system. TheSecondary Content sites host a limited number of songs, but they willrepresent a large percentage of the bandwidth used on the system. Thesecondary sites are brought on line as the volume on the primary sitesincreases to the point of maximum capacity. The secondary sites can belocated close to Network Access Points (NAPs) which helps speed updownload times. They may also be placed in different geographic areasaround the world to speed up download times.

Should the Content Provider(s) 101 choose to host all of their Content113 in their own system, they can act as a single Content Hosting Site111 with or without additional Secondary Content Sites. This allows themto build their own scalable distributed system. In another embodiment,Electronic Digital Content Store(s) 103 can also act as Content HostingSite(s) 111 for certain Content 113. This embodiment requires a specialfinancial agreement between the Electronic Digital Content Store(s) 103and the Content Provider(s) 101.

1. Content Hosting Sites

Content 113 is added to the Content Hosting Site(s) 111 via FTP or HTTPby the Content Disbursement Tool described in the Content Provider(s)Section of this specification or via offline means such as contentdelivery on tape, CD Rom, flash, or other computer readable media. TheMetadata SC(s) 620 created by the Content Provider(s) 101 contain afield that indicates the URL locating the Content SC(s) 630 for thisContent 113. This URL corresponds to a Content Hosting Site(s) 111.Electronic Digital Content Store(s) 103 can override this URL if allowedby the Content Provider(s) 101 in the Offer SC(s) 641. The End-UserDevice(s) 109 communicates to this Content Hosting Site(s) 111 when itwants to download the Content SC(s) 630.

The End-User Device(s) 109 initiates the request for a Content SC(s) 630by sending the License SC(s) 660 to the Content Hosting Site(s) 111.This is the same License SC(s) 660 returned by the Clearinghouse(s) 105.The Digital Signature of the License SC(s) 660 can be verified todetermine if it is a valid License SC(s) 660. If it is a valid LicenseSC(s) 660 either the download is initiated, or the download request maybe redirected to another Content Hosting Site(s) 111.

2. Content Hosting Site(s) 111 Provided by the Secure Digital ContentElectronic Distribution System 100

For the Secure Digital Content Electronic Distribution System 100 thedecision of which site should be used to download the Content 113 ismade by the primary content site that received the initial request for aContent SC(s) 630. This site uses the following information to make thisdecision:

-   Are there secondary content sites that host the Content 113    requested? (The majority of Content 113 offered by the Secure    Digital Content Electronic Distribution System 100 is only located    at primary sites);-   Where is the End-User Device(s) 109 geographically located? (This    information can be obtained from the End-User Device(s) 109 when the    request is initiated at the End-User Device(s) 109, this is passed    up to the Clearinghouse(s) 105 in the Order SC(s) 650;-   Is the appropriate secondary site up and operational? (Sometimes the    secondary sites maybe off-line);-   What is the load of the secondary sites? (In some cases where a    secondary site is swamped with activity another site that is less    busy may be selected.

Before transmitting the Content SC(s) 630 to the End-User Device(s) 109,analysis and verifications are performed on the End-User's request. Adatabase is kept of all of the License SC IDs that have been used todownload Content 113. This database can be checked to ensure that theEnd-User Device(s) 109 only makes one request for each piece of Content113 purchased. This prevents malicious users from repeatedly accessingthe Content Hosting Site(s) 111 in hopes of slowing down the ContentHosting Site(s) 111 and prevents unauthorized download of the ContentSC(s) 630.

The promotion and demotion of Content 113 to the Secondary Content sitesis done periodically based on customer demand for the individual piecesof Content 113.

Content Hosting Router

The Content Hosting Router (not shown) resides in the Content HostingSite(s) 111 and receives all requests from End-User(s) wanting todownload Content 113. It performs validation checks on the End-User(s)request to ensure they indeed bought the Content 113. A database ismaintained on the status of the Secondary Content Sites that includeswhat Content 113 is on them and their current status. This currentstatus includes the amount of activity on the sites and whether a siteis down for maintenance.

The only interface to the Content Hosting Router is the License SC(s)660 that is sent by the End-User Device(s) 109 when Content 113 isrequired to be downloaded. The License SC(s) 660 includes informationthat indicates the user is allowed to download the Content 113.

Secondary Content Sites

The Secondary Content Sites (not shown) host the popular Content 113 ofthe Secure Digital Content Distribution System 100. These sites aregeographically dispersed across the world and are located near NetworkAccess Points (NAPs) to improve download times. These sites are added tothe system as demand on the primary Content Hosting Site(s) 111 nearsmaximum capacity

IX. Electronic Digital Content Store(S)

A. Overview—Support for Multiple Electronic Digital Content Store(s) 103

Electronic Digital Content Store(s) 103 are essentially the retailers.They are the entities who market the Content 113 to be distributed tothe customer. For distribution of Content 113, this would includeDigital Content Retailing Web Sites, Digital Content Retail Stores, orany business who wishes to get involved in marketing electronic Content113 to consumers. These businesses can market the sale of electronicContent 113 only or can choose to just add the sale of electronic goodsto whatever other merchandise they currently offer for sale.Introduction of downloadable electronic goods into the service offeringof the Electronic Digital Content Store(s) 103 is accomplished via a setof tools developed for the Electronic Digital Content Store(s) 103 aspart of the Secure Digital Content Electronic Distribution System 100.

These tools are used by the Electronic Digital Content Store(s) 103 to:

-   acquire the Metadata SC(s) 620 packaged by the Content Provider(s)    101-   extract Content 113 from these SC(s) to be used as input to building    their service offering-   create Offer SC(s) 641 describing the downloadable Content 113 they    are offering for sale-   handle the acknowledgment of the sale and initiation of the download    by creating and sending Transaction SC(s) 640 to the End-User    Device(s) 109-   manage a transaction log of sales of downloadable Content 113 and    the status of each download-   handle status notifications and transaction authentication requests-   perform account reconciliation

The tools are designed to allow flexibility in how the ElectronicDigital Content Store(s) 103 wishes to integrate sale of downloadableelectronic Content 113 into its service. The tools can be used in such away as to request that all financial settlements for downloadableContent 113 purchased be handled by the Clearinghouse(s) 105 althoughthis is not required. These tools also enable Electronic Digital ContentStore(s) 103 to completely service their customers and handle thefinancial transactions themselves, including providing promotions andspecial offers. The tools enable the Electronic Digital Content Store(s)103 to quickly integrate the sale of downloadable Content 113 into itsexisting services. In addition, the Electronic Digital Content Store(s)103 is not required to host the downloadable Content 113 and does nothave to manage its dispersement. This function is performed by theContent Hosting Site(s) 111 selected by the Content Provider(s) 101.

The tools for the Electronic Digital Content Stores(s) 103 areimplemented in Java in the preferred embodiment but other programminglanguages such as C/C++, Assembler and equivalent can be used. It shouldbe understood that the tools described below for the Electronic DigitalContent Stores(s) 103 can run on a variety of hardware and softwareplatforms. The Electronic Digital Content Stores(s) 103 as a completesystem or as any of it's constitute components may be distributed as anapplication program in a computer readable medium including but notlimited to electronic distribution such as the web or on floppydiskettes, CD ROMS and removable hard disk drives.

In another embodiment, the components of the Electronic Digital ContentStores(s) 103 is part of a programmer's software toolkit. This toolkitenables predefined interfaces to the components of the genericElectronic Digital Content Stores(s) 103 components and tools discussedbelow. These predefined interfaces are in the form of APIs orApplication Programming Interfaces. A developer using these APIs canimplement any of the functionality of the components from a high levelapplication program. By providing APIs to these components, a programmercan quickly develop a customized Electronic Digital Content Stores(s)103 without the need to re-created these functions and resources of anyof these components.

Electronic Digital Content Store(s) 103 are not limited to Web basedservice offerings. The tools provided are used by all Electronic DigitalContent Store(s) 103 wishing to sell downloadable electronic Content 113regardless of the transmission infrastructure or delivery mode used todeliver this Content 113 to End-User(s). Broadcast services offered oversatellite and cable infrastructures also use these same tools toacquire, package, and track electronic Content 113 sales. Thepresentation of electronic merchandise for sale and the method in whichthese offers are delivered to the End-User(s) is the main variantbetween the broadcast based service offering and the point-to-pointinteractive web service type offering.

B. Point-To-Point Electronic Digital Content Distribution Service

Point-to-Point primarily means a one-to-one interactive service betweenthe Electronic Digital Content Store(s) 103 and the End-User Device(s)109. This typically represents an Internet web based service providedvia telephone or cable modem connection. Networks other than theInternet are supported in this model as well, as long as they conform tothe Web Server/Client Browser model. FIG. 9 is a block diagramillustrating the major tools, components and processes of an ElectronicDigital Content Store(s) 103.

1. Integration Requirements

The Secure Digital Content Electronic Distribution System 100 not onlycreates new online businesses but provides a method for existingbusinesses to integrate the sale of downloadable electronic Content 113to their current inventory. The suite of tools provided to theElectronic Digital Content Store(s) 103 simplify this integrationeffort. The Content Acquisition Tool 171 and SC(s) Packer Tool 153provides a method for the Electronic Digital Content Store(s) 103 toacquire information from the participating Content Provider(s) 101 onwhat they have available for sale and to create the files required toreference these downloadable objects as items in their own inventory.This process is batch driven and can be largely automated and isexecuted only to integrate new Content 113 into the site.

The tools for the Secure Digital Content Electronic Distribution havebeen designed to allow integration of sale of electronic downloadableContent 113 into typical implementations of web based Electronic DigitalContent Store(s) 103 (i.e. Columbia House online, Music Boulevard,@Tower) and equivalent with minimal change to their current Content 113retailing paradigm. Several methods of integration are possible and inthe preferred embodiment, the Electronic Digital Content Store(s) 103provides support for all product searches, previews, selections(shopping cart), and purchases. Each Electronic Digital Content Store(s)103 establishes customer loyalty with its customers and continues tooffer its own incentives and market its products as it does today. Inthe Secure Digital Content Electronic Distribution System 100, it wouldsimply need to indicate which products in its inventory are alsoavailable for electronic download and allow its customers to select theelectronic download option when making a purchase selection. In anotherembodiment, the customer's shopping cart could contain a mixture ofelectronic (Content 113) and physical media selections. After thecustomer checks out, and the Electronic Digital Content Store(s) 103 hascompleted the financial settlement and logged or notified its shippingand handling functions to process the physical merchandise purchased,the commerce handling function of the Electronic Digital ContentStore(s) 103 then calls the Transaction Processor Module 175 to handleall electronic downloads. It simply passes the required information andall processing from that point on is handled by the toolset for theSecure Digital Content Electronic Distribution System 100. In anotherembodiment, other methods of transaction handling are also possibleusing tools for the Secure Digital Content Electronic DistributionSystem 100 to handle the financial settlement should the ElectronicDigital Content Store(s) 103 wish to sell downloadable merchandise onlyor to segregate the financial settlement of physical and downloadablemerchandise.

To handle the downloading of merchandise, the Electronic Digital ContentStore(s) 103 is given a Product ID (not shown) for each downloadableproduct that it acquires from the Content Promotions Web Site 156 forthe Content Provider(s) 101. This Product ID is associated to acustomer's purchase selection to the downloadable product. The ProductID is what the Electronic Digital Content Store(s) 103 passes to theTransaction Processor Module 175 to identify the product that the userhas purchased. The SC(s) (Offer SC(s) 641) that were created to describethe products, are isolated from the Electronic Digital Content Store(s)103 and kept in an Offer Database 181 in an effort to simplifymanagement of these objects and make their existence transparent to theElectronic Digital Content Store(s) 103.

The Transaction Processor Module 175 and other additional functions areprovided as web server side executables (i.e. CGI and NSAPI, ISAPIcallable functions) or simply APIs into a DLL or C object library. Thesefunctions handle run time processing for End-User(s) interactions andoptional interactions with the Clearinghouse(s) 105. These functionsinteract with the web server's commerce services to create and downloadto the End-User Device(s) 109 the files necessary to initiate theContent 113 download process. They also handle optional interactions toprovide authorizations and accept notifications of completion ofactivities.

An Accounting Reconciliation Tool 179 is also provided to assist theElectronic Digital Content Store(s) 103 in contacting theClearinghouse(s) 105 to reconcile accounts based on its own and thetransaction logs of the Clearinghouse(s) 105.

2. Content Acquisition Tool 171

The Content Acquisition Tool 171 is responsible for interfacing with theContent Promotions Web Site 156 to preview and download Metadata SC(s)620. Since the Content Promotions site is a standard web site, a webbrowser is used by the Electronic Digital Content Store(s) 103 tonavigate this site. The navigation features varies based on the sitedesign of the Content Provider(s) 101. Some sites may provide extensivesearch capabilities with many screens of promotional information. Othersmay have a simple browser interface with lists of titles, performers ornew releases to select from. All sites include the selection of MetadataSC(s) 620 containing all the promotional and descriptive information ofa song or album.

Alternatively, the Electronic Store(s) 103 may subscribe to contentupdates and receive updates automatically via FTP.

Viewing Metadata

The Content Acquisition Tool 171 is a web browser helper applicationwhich launches whenever a Metadata SC(s) 620 link is selected at theContent Promotions Web Site 156. Selection of the SC(s) causes it to bedownloaded to the Electronic Digital Content Store(s) 103, and launchthe helper application. The Content Acquisition Tool 171 opens theMetadata SC(s) 620 and display the non-encrypted information containedtherein. Displayed information includes Extracted Metadata 173, for amusic example, the graphic image(s) associated with the song and theinformation describing the song, a preview clip of the song can also belistened to if included in the Metadata SC(s) 620. In an example wherethe Content 113 is music, promotional information about the song oralbum, the album title, and the artist is also shown if provided by theContent Provider(s) 101. This information is displayed as a series oflinked HTML pages in the browser window. Purchasable Content 113 such asthe song and the lyrics and whatever other metadata the ContentProvider(s) 101 wishes to protect, is not accessible to the RetailContent Web Site 180.

In another embodiment, the Content Provider(s) 101 provides optionalpromotional content for a fee. In this embodiment such promotionalcontent is encrypted in the Metadata SC(s) 620. Financial settlement toopen this data can be handled via the Clearinghouse(s) 105 with theaccount for the Electronic Digital Content Store(s) 103 being chargedthe designated fee.

Extracting Metadata

Besides the preview capabilities, this tool provides two additionalfeatures: metadata extraction and preparation of an Offer SC(s) 641.Selection of the metadata extraction option prompts the ElectronicDigital Content Store(s) 103 to enter the path and filenames to wherethe metadata is to be stored. Binary metadata such as graphics and theaudio preview clip is stored as separate files. Text metadata is storedin an ASCII delimited text file which the Retail Content Web Site 180can then import into its database. A table describing the layout of theASCII delimited file is also be created in a separate TOC file.Additional options is available to allow extraction into other NationalLanguage Support (NLS) supported formats.

One important piece of information provided in the extracted data is theProduct ID. This Product ID is what the commerce handling function forthe Electronic Digital Content Store(s) 103 needs to identify to theTransaction Processor Module 175 (for more information refer toTransaction Processing section), the Content 113 that the user haspurchased. The Transaction Processor Module 175 uses this Product ID toproperly retrieve the appropriate Offer SC(s) 641 from the OfferDatabase 181 for subsequent download to the End-User Device(s) 109. TheElectronic Digital Content Store(s) 103 has full control over how itpresents the offer of downloadable Content 113 on its site. It onlyneeds to retain a cross reference of the Content 113 being offered tothis Product ID to properly interface with the tools for the SecureDigital Content Electronic Distribution System 100. Providing thisinformation here, allows the Electronic Digital Content Store(s) 103 tointegrate this product or Content 113 into its inventory and sales pages(database) in parallel with the Offer SC(s) 641 creation process sinceboth processes uses the same Product ID to reference the product. Thisis described further below.

Offer SC(s) Creation Packer 153

The Electronic Digital Content Store(s) 103 is required to create anOffer SC(s) 641 describing the downloadable Content 113 that is forsale. Most of the information that goes into the Offer SC(s) 641 isderived from the Metadata SC(s) 620. The Content Acquisition Tool 171creates the Offer SC(s) 641 by:

-   removing parts from the Metadata SC(s) 620 that are not required to    be included in the Offer SC(s) 641 as defined by the Offer SC(s)    Template in the Metadata SC(s) 620-   adding additional required parts as defined by defaults specified by    the configuration options in this tool for the Electronic Digital    Content Store(s) 103-   prompting for additional required inputs or selections as defined by    the Offer SC(s) Template in the Metadata SC(s) 620-   calling the SC(s) Packer 153 to pack this information into the SC(s)    format

Metadata to be displayed by the Player Application 195 (furtherdescribed later) on the End-User Device(s) 109 is kept in the MetadataSC(s) 620. Other promotional metadata that was only used by theElectronic Digital Content Store(s) 103 as input to his web servicedatabase is removed from the Metadata SC(s) 620. Rights managementinformation provided by the Content Provider(s) 101, such aswatermarking instructions, encrypted Symmetric Keys 623, and UsageConditions 517 defining the permitted uses of the object, are alsoretained.

This stripped down Metadata SC(s) 620 is then included in the OfferSC(s) 641. The Electronic Digital Content Store(s) 103 also attaches itsown Usage Conditions called Store Usage Conditions 519 or purchaseoptions to the Offer SC(s) 641. This can be accomplished interactivelyor automatically through a set of defaults. If configured to beprocessed interactively, the Electronic Digital Content Store(s) 103 isprompted with the set of permitted object Usage Conditions 517 asdefined by the Content Provider(s) 101. He then selects the option(s) hewishes to offer to his customers. These now become the new UsageConditions or Store Usage Conditions 519. To process automatically, theElectronic Digital Content Store(s) 103 configures a set of defaultpurchase options to be offered for all Content 113. These defaultoptions are automatically checked against the permitted Usage Conditions517 defined by the Content Provider(s) 101 and is set in the Offer SC(s)641 if there are no discrepancies.

Once the Offer SC(s) 641 is created, it is stored in an Offer Database181 and is indexed with the Product ID pre-assigned in the MetadataSC(s) 620. This Product ID is used later by the Electronic DigitalContent Store(s) 103 to identify the downloadable Content 113 beingpurchased by a customer when interfacing with the Offer Database 181 toretrieve the Offer SC(s) 641 for packaging and transmittal to theEnd-User(s). See the Transaction Processor Module 175 section for moredetails.

In another embodiment, the Electronic Digital Content Store(s) 103 hoststhe Content SC(s) 641 at his site. This embodiment requires changes tothe Offer SC(s) 641 such as the replacement of the URL of the ContentHosting Site(s) 111 with the URL of the Electronic Digital ContentStore(s) 103.

3. Transaction Processing Module 175

Electronic Digital Content Store(s) 103 directs billing toClearinghouse(s) 105. Alternatively, the Electronic Digital ContentStore(s) 103 may request financial clearance direct from theClearinghouse(s) 105. There are two basic modes for processingEnd-User(s) purchase requests for downloadable Content 113. If theElectronic Digital Content Store(s) 103 does not wish to handle thefinancial settlement of the purchase and has no special promotions orincentives governing the sale of the merchandise and does not use ashopping cart metaphor for batching the purchase requests, it may opt toprovide links on its Content 113 download pages directly to the OfferSC(s) 641 files. These Offer SC(s) 641 would have to have been builtwith retail pricing information included in the metadata. Also includedin the Offer SC(s) 641 is a special HTML offer page presenting thepurchase options with terms and conditions of the sale. This page isbuilt from a template created when the Offer SC(s) 641 was built. Whenthe End-User(s) clicks on the direct link to the Offer SC(s) 641, theOffer SC(s) 641 is downloaded to the browser End-User Device(s) 109launching a helper application which opens the container and present theoffer page included in the Offer SC(s) 641. This page contains a form tocollect customer information including credit card information andpurchase option selection. The form then gets submitted directly to theClearinghouse(s) 105 for financial settlement and processing.Optionally, this form may contain the fields needed to use theEnd-User(s)' credit information or industry standard local transactionhandler.

An embodiment where the Electronic Digital Content Store(s) 103 handlesbilling is now described. The more typical mode of handling purchaserequests is to allow the Electronic Digital Content Store(s) 103 toprocess the financial settlement and then submit the downloadauthorization to the End-User(s). This method allows the ElectronicDigital Content Store(s) 103 to integrate sale of downloadable Content113 with other merchandise offered for sale at his site, allows batchprocessing of purchase requests with only one consolidated charge to thecustomer (via a shopping cart metaphor) instead of individual chargesfor each download request, and allows the Electronic Digital ContentStore(s) 103 to directly track his customers buying patterns and offerspecial promotions and club options. In this environment, the offer ofdownloadable Content 113 is included in his shopping pages which getadded to a shopping cart when selected by the End-User(s) and getprocessed and financially settled as is done in the Electronic DigitalContent Store(s)' 103 current shopping model. Once the financialsettlement is completed, the commerce handling process of the ElectronicDigital Content Store(s) 100 then calls the Transaction Processor Module175 to complete the transaction.

Described now is the embodiment where the distribution over a particulargeographic region using a global telecommunications infrastructure suchas the Internet. When a end user decides to purchase the Content 113 or“check out”, the Electronic Digital Content Store(s) they are dealingwith will perform a credit card authorization to see if the end user cancharge the amount of the purchase to their credit card. As part of this,the payment gateway performs address verification.

Once credit has been granted, the Electronic Digital Content Store(s)has a Transaction SC 640 built. The Transaction SC(s) 640 containsinformation regarding the Content 113 the end user has purchased thatthe End User Device(s) 105 utilizes to complete the download of thecontent for the it Electronic Digital Content Store(s). Added to the APIis the country code returned by the AVS and the IP address the user isusing to connect to the Electronic Digital Content Store(s).

The Electronic Digital Content Store(s) 103 performs the IP verificationtest and the Address verification test. The following algorithms shouldbe used for each Content 113 item included in the order. If any one ofthe Electronic Digital Content Store(s) fail, then the whole order needsto be rejected! Enough information is returned to the store so that theycan display an appropriate error message to the end user on the End UserDevice(s) 109.

Determine Which Tests to Run

-   First, which tests are required to run is determined:-   RunAddress=false-   RunIP=false-   If Verify=all    -   RunAddress=true    -   RunIP=true-   If Verify includes Address    -   RunAddress=true-   If Verify includes IP    -   RunIP=true

Run Tests Now, the tests need to be run. As the IP address test willtake the longest (if not using a cached IP), it should be run last andonly if absolutely required. Ok = false AddressPassed = false IPPassed =false If Verify == none Ok = true Else if (verify == any) if(addressCountryCode != NULL && addressCountryCode in markets) AddressPassed = true Ok = true else if (IP in country in markets) ipPassed =true ok = true else if (RunAddress) if (addressCountryCode != NULL &&addressCountryCode in markets) addressPassed = true if (RunIP) if (IP incountry in markets) ipPassed = true if ((RunAddress && addressPassed) &&(RunIP && ipPassed)) ok = true else if ((RunAddress && addressPassed) &&!RunIP) ok = true else if (!RunAddress && (RunIP && ipPassed)) ok = trueCreate Transaction SC(s) 640 Now that all the testing has beenperformed, see if it is OK to build the Transaction SC(s) 640: if ok ==true RC = createTransaction SC(s) 640 else rc = rejected!If the Transaction SC(s) 640 is built, the IP address of the end userusing the End User Device(s) 109 making the transaction as well as anindication that the Address Verification was performed need to be addedto the transaction data as follows:

-   -   EndUserIP=9.83.117.56    -   AddressVerify=true        IP Verification

The Electronic Digital Content Store(s) 103 keep a table of all class(c) IP addresses that it has verified through the Clearinghouse(s) 105.Each entry will have a date/time stamp of when the information wasretrieved from the Clearinghouse(s) 105. If the entry is more than xdays old, it will be retrieved from the Clearinghouse(s) 105, otherwisethe entry can be used.

Precheck API

The Electronic Digital Content Store(s) 103 provides a function throughan API that the Electronic Digital Content Store(s) will invoke when aend user firsts attaches to the Electronic Digital Content Store(s).This API will accept the IP address the end user is connecting with.This API will return immediately to the Electronic Digital ContentStore(s) so it can continue it's processing. The Electronic DigitalContent Store(s) 103 server will then check the IP table of thedatabase. If the class (c) address is not already in the table, then theserver will launch a request to the Clearinghouse(s) 105 to look up thisaddress. Once this information returns, the table will be updated.

The purpose of this API is to help speed up the transaction processingas it will take some time for the Clearinghouse(s) 105 to perform thelookup. The hope is that the following will occur:

-   1. End user using End User Device(s) 105 attaches to store-   2. Electronic Digital Content Store(s) invokes functions using APIs    to have IP address researched-   3. Electronic Digital Content Store(s) 103 spawns thread that    launches request to Clearinghouse(s) 103-   4. Thread puts class (c) address in table and flags it as “in    progress”-   5. Electronic Digital Content Store(s) 103 returns to Electronic    Digital Content Store(s)-   6. End User using End User Device(s) 105 shops-   7. At Electronic Digital Content Store(s) 103, info from    Clearinghouse is returned-   8. Electronic Digital Content Store(s) 103 Thread updates database    table—flag it as “ready”-   9. End user using End User Device(s) 105 checks out-   10. Electronic Digital Content Store(s) asks for Transaction SC(s)    640 to be built-   11. If class (c) is in the table    -   If “in progress        -   Wait for state to change to ready-   Else    -   Issue request to Clearinghouse(s) 105        Process Transaction SC(s) 640

In the event that the information does not come back in time, theElectronic Digital Content Store(s) 103 will have to wait for theresponse from the Clearinghouse(s) 105. If it waits more than 10 seconds(e.g.), it should issue another query to the Clearinghouse(s) 105 andwait for the query.

In another embodiment where the advertising is geographically targeted,the flow diagram 2100 of end user geographical targeting in FIG. 21 isnow described. The process begins with a test to see if anyadvertisement exists to associated generally with the Content 113, insteps 2102 and 2104. In the case that there is no advertisement, theprocess flow ends at step 2112. On the other hand, if there isadvertisement to associate, a test is made to see if there are one ormore Geographic Advertisement Usage Conditions 2006, in the MetadataSecure Container 620. In the case that there are no GeographicAdvertisement Usage Conditions 2006, the process flow ends at step 2112.If there are Geographic Advertisement Usage Conditions 2006, the processcontinues in step 2108 with associating one or more pieces ofadvertisement based upon (a) the Geographic Advertisement UsageConditions 2006 and (b) the Geographic Location of the End User. Itshould be understood that the advertisement of which is associated withthe Content 113 in step 2108 in most cases is a subset of theadvertisement available for the Content 113 and that the step ofassociating the advertisement selects only that advertisement which isappropriate based on the Geographic Advertisement Usage Conditions 2006.As stated earlier, the advertisement can be any multimedia advertisementincluding, text, graphics, video and audio. The advertisement prior tobeing associated and packed into a Transaction SC(s) 640 can be storedlocally at the Electronic Digital Content Store(s) 103 or any remotelocation (not shown). The geographic location of the End User Device(s)109 is determined as described above using any one of the twocombination of tests e.g. RunAddress, and Run IP. A Transaction SecuredContainer 640 is created with the associated advertisement as describedin following section entitle “Transaction Processor Module 175” with theand the Geographically Associated Advertisement 2202. The GeographicallyAssociated Advertisement 2202 in one embodiment as shown in FIG. 22 isencrypted with the public key 621 of the Clearinghouse(s) 103. Inanother embodiment, the Geographically Associated Advertisement 2202 isnot encrypted within the Transaction Secured Container 640.

Transaction Processor Module 175

The role of the Transaction Processor Module 175 is to put together theinformation needed by the End-User Device(s) 109 to initiate and processthe download of the Content 113 purchased. This information is packagedinto a Transaction SC(s) 640 which is sent back to the End-UserDevice(s) 109 by the Web Server as the response to the purchasesubmission. The Transaction Processor Module 175 requires three piecesof information from the commerce handling process of the ElectronicDigital Content Store(s) 103: the Product IDs for the Content 113purchased, Transaction Data 642, and an HTML page or CGI URLacknowledging the purchase settlement.

The Product ID is the value provided to the Electronic Digital ContentStore(s) 103 in the Metadata SC(s) 620 associated to the Content 113just sold. This Product ID is used to retrieve the associated OfferSC(s) 641 from the Offer Database 181.

The Transaction Data 642 is a structure of information provided by thetransaction processing function of the Electronic Digital ContentStore(s) 103 which is later used to correlate the Clearinghouse(s) 105processing with the financial settlement transaction performed by theElectronic Digital Content Store(s) 103 and to provide user identityinformation to be included in the watermark of the Content 113downloaded to the End-User Device(s) 109. When the Clearinghouse(s) 105receives a valid Order SC(s) 650, it logs a transaction indicating theContent 113 that was sold, which Electronic Digital Content Store(s) 103sold it and the associated Transaction Data 642 including the End-User'sName and a Transaction ID 535. The Transaction ID 535 provides areference to the financial settlement transaction. This information islater returned by the Clearinghouse(s) 105 to the Electronic DigitalContent Store(s) 103 for use in reconciling its accounts with thebilling statements received from the Content Provider(s) 101 (or hisagent). The Clearinghouse Transaction Log 178 can be used by the ContentProvider(s) 101 to determine what Content 113 of his has been sold andenables him to create a bill to each Electronic Digital Content Store(s)103 for royalties owed him. Other electronic means besides billing canalternatively be used to settle accounts between the Content Provider(s)101 and Electronic Digital Content Store(s) 103.

The information provided in the Transaction SC(s) 640 and the securityand integrity of the Transaction SC(s) 640 provide sufficientauthenticity to the Clearinghouse(s) 105 that the purchase transactionis valid and thus no further validation is required prior to the loggingof this sale by the Clearinghouse(s) 105. The Electronic Digital ContentStore(s) 103, however, has the option to request authentication beforeits accounts are charged (transaction logged at the Clearinghouse(s) 105indicating to the Content Provider(s) 101 that this Electronic DigitalContent Store(s) 103 has collected money for the sale of this Content113). This request for authentication/notification is indicated by aflag in the Transaction Data 642. In this scenario, the Clearinghouse(s)105 contacts the Electronic Digital Content Store(s) 103 and receiveauthorization from the Electronic Digital Content Store(s) 103 beforethe charge to his account and the release of the encryption Key 623. TheTransactionID 535 is passed to the Electronic Digital Content Store(s)103 from the Clearinghouse(s) 105 as part of this authentication requestto enable the Electronic Digital Content Store(s) 103 to associate thisrequest to a prior transaction performed with the End-User(s). ThisTransaction ID 535 can be any unique value the Electronic DigitalContent Store(s) 103 wishes to use and is solely for its benefit.

The Transaction Data 642 also contains a customer name. This name can befrom the user name field of the purchase form filled out by the userwhen making his purchase, or from information logged previously duringsome user registration process with the Electronic Digital ContentStore(s) 103, or the official name obtained from credit card informationassociated with the card used in this transaction. This name is laterincluded in the License Watermark 527.

The Transaction Data 642 also contains the Store Usage Conditions 519purchased by the End-User(s). This information is included in theLicense Watermark 527 and used by the End-User Device(s) 109 in Copy andPlay Control.

The final parameter required by the Transaction Processor Module 175 isthe HTML page or CGI URL acknowledging the purchase settlement. Thepurpose of this is to allow the Electronic Digital Content Store(s) 103to respond to the End-User(s) with an acknowledgment of the financialsettlement and whatever other information he wishes to include in theresponse. This HTML page or CGI URL is included in the Transaction SC(s)640 and is displayed in the browser window of the End-User Device(s) 109when the Transaction SC(s) 640 is received and processed.

The Transaction SC(s) 640 is the HTTP response to the End-User(s) fromthe Electronic Digital Content Store(s) 103 after processing thepurchase submission. Sending a SC(s) as the direct HTTP response forcesthe automatic loading on the End-User Device(s) 109 of a SC(s) ProcessorHelper Application thus allowing automatic completion of the transactionwithout depending on further End-User(s) initiated actions. This processis described in more detail in the End-User Device(s) 109 and PlayerApplication 195 section later.

When the Transaction Processor Module 175 is called with the requiredparameters, it builds a Transaction SC(s) 640 containing the TransactionData 642, the transaction acknowledgment HTML page or reference URLother required security features of the SC(s), and retrieves and imbedsthe Offer SC(s) 641 associated with the purchase. It also logsinformation about this transaction for later use by the NotificationInterface Module 176 and the Account Reconciliation Tool 179.

4. Notification Interface Module 176

The Notification Interface Module 176 is a Web Server side executableroutine (CGI or function callable by NSAPI, ISAPI or equivalent). Ithandles optional requests and notifications from the Clearinghouse(s)105, the End-User Device(s) 109, the Content Hosting Site(s) 111, andthe Content Provider(s) 101. The events that the Electronic DigitalContent Store(s) 103 can optionally request notification for are:

-   Notification from the Clearinghouse(s) 105 that the End-User    Device(s) 109 requested an encryption Key 623 and the    Clearinghouse(s) 105 is releasing the encryption Key 623 for the    specified Content 113. This notification can optionally be    configured to require authentication from the Electronic Digital    Content Store(s) 103 prior to the encryption Key 623 being sent to    the End-User Device(s) 109.-   Notification from the Content Hosting Site(s) 111 that the Content    SC(s) 630 has been sent to the End-User Device(s) 109.-   Notification from the End-User Device(s) 109 that the Content SC(s)    630 and the License SC(s) 660 have been received and successfully    used to process the Content 113 or was found to be corrupt.-   Notification from the Content Provider(s) 101 that new Content 113    has been placed in the Content Promotions Web Site 156.

None of these notifications are a required step in the Secure DigitalContent Electronic Distribution System flows 100 but are provided asoptions to allow the Electronic Digital Content Store(s) 103 theopportunity to close its records on the satisfaction of completion ofthe sale. It also provides information that maybe needed to handlecustomer service requests by letting the Electronic Digital ContentStore(s) 103 know what functions have transpired since financialsettlement of the transaction or what errors occurred during an attemptto complete the sale. Alternatively, much of this status can be obtainedfrom the Clearinghouse(s) 105 through the Customer Service Interface 184as needed.

Frequency of notification of new Content 113 available at the ContentPromotions Web Site 156 is determined by the Content Provider(s) 101.Notification may be provided as each new Metadata SC(s) 620 is added orjust daily with all new Metadata SC(s) 620 added that day.

All of these notifications result in entries being made to theTransaction Log 178. If the Electronic Digital Content Store(s) 103wishes to perform his own processing on these notifications, he canintercept the CGI call, perform his unique function and then optionallypass the request on to the Notification Interface Module 176.

5. Account Reconciliation Tool 179

This Account Reconciliation Tool 179 contacts the Clearinghouse(s) 105to compare the Transaction Log 178 with the log of the Clearinghouse(s)105. This is an optional process which is available to help theElectronic Digital Content Store(s) 103 feel comfortable with theaccounting for the Secure Digital Content Electronic Distribution System100.

In another embodiment, this tool can be updated to provide electronicfunds transfers for automated periodic payments to the ContentProvider(s) 101 and the Clearinghouse(s) 105. It can also be designed toautomatically process payments upon reception of an electronic bill fromthe Clearinghouse(s) 105 after reconciling the bill against theTransaction Log 178.

C. Broadcast Electronic Digital Content Distribution Service

Broadcast primarily refers to a one to many transmission method wherethere is no personal interaction between the End-User Device(s) 109 andthe Electronic Digital Content Store(s) 103 to customize on-demandviewing and listening. This is typically provided over a digitalsatellite or cable infrastructure where the Content 113 is preprogrammedso that all End-User Device(s) 109 receive the same stream.

A hybrid model can also be defined such that an Electronic DigitalContent Store(s) 103 provides a digital content service organized insuch a way that it can offer both a web distribution interface via anInternet connection as well as a higher bandwidth satellite or cabledistribution interface via a broadcast service, with a great deal ofcommonality to the site design. If the IRD backchannel serial interfacewere connected to the web, and the IRD supported web navigation, theEnd-User(s) could navigate the digital content service in the usual wayvia the backchannel Internet interface, previewing and selecting Content113 to purchase. The user can select high quality downloadable Content113, purchase these selections, and receive the required License SC(s)660 all via an Internet connection and then request delivery of theContent 113 (Content SC(s) 630) over the higher bandwidth broadcastinterface. The Web service can indicate which Content 113 would beavailable for download in this manner based on the broadcast schedule orcould build the broadcast streams based totally on purchased Content113. This method would allow a Web based digital content service tocontract with a broadcast facility to deliver high quality Content 113to users equipped with the proper equipment making a limited number ofspecific Content 113 (e.g. songs or CDS) available daily in this mannerand the entire catalog available for download in lower quality via theweb interface.

Other broadcast models can be designed where there is no web interfaceto the End-User Device(s) 109. In this model, promotional content ispackaged in specially formatted digital streams for broadcast deliveryto the End-User Device(s) 109 (i.e. IRD) where special processing isperformed to decode the streams and present the End-User(s) with thepromotional content from which purchase selections can be made.

The actual purchase selections would still be initiated via backchannelcommunications from the End-User Device(s) 109 to the Clearinghouse(s)105 and would utilize SC(s) to perform all data exchange. The toolsetprovided to the Electronic Digital Content Store(s) 103 has beenarchitected and developed in such a way that most of the tools apply toboth a point-to-point Internet service offering as well as a broadcastsatellite or cable offering. The tools used by a Digital Content WebSite Electronic Digital Content Store(s) 103 to acquire and manageContent 113 as well as prepare SC(s) is also used by a satellite basedElectronic Digital Content Store(s) 103 to manage and prepare Content113 for distribution on a broadcast infrastructure. The SC(s)distributed over a Web service are the same as those distributed over abroadcast service.

X. End-User Device(S) 109

The applications in the End-User Device(s) 109 for the Secure DigitalContent Electronic Distribution System 100 perform two main functions:first the SC(s) processing and copy control; and second playback ofencrypted Content 113. Whether the End-User Device(s) 109 is a PersonalComputer or a specialized electronic consumer device, it has to becapable of performing these base functions. The End-User Device(s) 109also provides a variety of additional features and functions likecreating play lists, managing the digital content library, displayinginformation and images during content playback, and recording toexternal media devices. These functions vary based on the services theseapplications are supporting and the type of devices the applications aredesigned for.

A. Overview

1. Delivery Over Telecommunications Infrastructure

Referring now to FIG. 10, shown is the major components and processesand End-User Device(s) 109 Functional Flow. The applications designed tosupport a PC based web interface Content 113 service consists of twoexecutable software applications: the SC(s) Processor 192 and the PlayerApplication 195. The SC(s) Processor 192 is an executable applicationwhich is configured as a Helper Application into the End-User(s) WebBrowser 191 to handle SC(s) File/MIME Types. This application islaunched by the Browser whenever SC(s) are received from the ElectronicDigital Content Store(s) 103, the Clearinghouse(s) 105, and the ContentHosting Site(s) 111. It is responsible for performing all requiredprocessing of the SC(s) and eventually adding Content 113 to the DigitalContent Library 196 of the End-User(s).

The Player Application 195 is a stand alone executable application whichthe End-User(s) loads to perform Content 113 in his Digital ContentLibrary 196, manage his Digital Content Library 196 and create copies ofthe Content 113 if permitted. Both the Player Application 195 and SC(s)Processor 192 applications can be written in Java, C/C++ or anyequivalent software. In the preferred embodiment, the applications canbe downloaded from computer readable means such as website. However,other delivery mechanisms are also possible such as being delivered oncomputer readable media such as diskettes or CDS.

The searching and browsing of Content 113 information, previewing of,for example, song clips, and selecting songs for purchase is all handledvia the End-User(s) Web Browser 191. Electronic Digital Content Store(s)103 provides the shopping experience in the same way that is offeredtoday by many Content 113 retailing web sites. The difference to theEnd-User(s) over today's web based Content 113 shopping is that they maynow select downloadable Content 113 objects to be added to theirshopping cart. If the Electronic Digital Content Store(s) 103 has othermerchandise available for sale in addition to the downloadable objects,the End-User(s) may have a combination of physical and electronicdownloadable merchandise in his shopping cart. The Secure DigitalContent Electronic Distribution End-User Device(s) 109 are not involveduntil after the End-User(s) checks out and submits his final purchaseauthorization to the Electronic Digital Content Store(s) 103. Prior tothis point, all interaction is between the Web Server for the ElectronicDigital Content Store(s) 103 and the Browser 191 on the End-UserDevice(s) 109. This includes preview of sample Digital Content clips.Digital Content clips are not packaged into SC(s) but instead areintegrated into the web service of the Electronic Digital ContentStore(s) 103 as downloadable files or fed from a streaming server. Theformat of the Content 113 clip is not dictated by the systemarchitecture. In another embodiment, the Player Application 195 couldinteract directly with the Electronic Digital Content Store(s) 103 orClearinghouse(s) 105 or offline using a promotional CD.

4. Delivery Over a Computer Readable Medium

In this alternate embodiment, instead of downloading Content 113 or eventhe Player Application 195 itself over telecommunications lines such astelephone lines, cable TV, direct TV, the Internet and other wired andwireless communications infrastructure, in this embodiment a computerreadable medium is described. Computer readable medium includes floppydiskettes, CDS, DVDS, Portable Flash Memory, ZipDrives™, removable harddisk drives and any other removable medium from which a computer canread information. For simplicity, in this embodiment, the computerreadable medium is a CD 1802 and the Content 113 is music. The CD 1802takes the place of the Content Hosting Sites 111 to permit the music tobe distributed over physical media rather than through electronic meanssuch as broadband. The CD 1802 contains music samples and multiplecompressed and encrypted music tracks in a Content SC 630 and theassociated metadata about the Content 113. The sample tracks in theaudio session can be played back in a standard CD player. When mountedin an CD drive of the End User Device(s) 109 automatically starts a WebBrowser 191 that allows an end-user to listen to the music samples andselect one or more of the compressed and encrypted songs for purchase.

The overall buying transaction process is the same as that useddescribed for the download of Content 113 from Content Hosting Site(s)111. The difference lies in that the encrypted Content 113 is notdownloaded from the Content Hosting Site(s) 111, but rather the Content113 is read in Content SC(s) 630 stored on CD 1802. Thus, the use of theCD 1802 eliminates the long download times over narrow-band Internet,and the need for a broadband Internet channel. As previously described,for the telecommunications distribution of Content 113, the end-userusing the End User Device(s) 109 access the encryption Key 623 to renderthe Content 113 by receiving a Transaction SC(s) 641 from the ElectronicDigital Content Store(s) 103. In an alternative embodiment, the modifiedTransaction SC(s) 1832 is received from the Content Provider(s) 101, orthe Clearinghouse(s) 105 or any other third party source for processpurchase authorizations.

The number of compressed and encrypted songs that can fit onto CD 1802depends on the number and playing time of the music samples in the audiosession and on the compressed music data rate and the length of eachsong. For example, if about twenty (20) second music samples areallowed, then about four (4) musical works of 60-minute lengthcompressed at 256 kilobit/second or eight (8) of 60-minute length albumscompressed at 128 kilobit/second will fit onto CD 1802. If the computerreadable medium is a DVD instead of a CD 1802, the current DVDtechnology stores around 5 times the number of compressed musical worksover the CD media. Accordingly with current DVD technology it ispossible to store twenty (20) 60-minute musical works compressed at 256kilobits/second and forty (40) 60 minute albums compressed at 128kilobit/second.

One embodiment for the information stored on the CD 1802 is nowdescribed. The information also known as the as the promotional package1801 is broken down into two general areas known: (i)Content SessionArea 1804, in this example audio content; and (ii) Data Session 1806,which ties into the functionality of the Player Application 195.

Content Session Area 1804 includes:

-   -   An informational audio track 1808 with information about the        content of the CD 1802 and the procedure to buy one of the        included compressed song or songs.    -   About 20 30-second audio tracks 1820 of promotional music.

Data session 1806 includes:

-   -   Autorun.exe 1812 program that launches the data session in the        End User Device(s) 109. If the autorun function in Microsoft        Windows is enabled, the CD's autorun.exe 1812 is automatically        launched. Otherwise, the End-User Device(s) 109 must manually        launch the autorun.exe 1812. A readme.txt file (not shown) in        the CD 1802 has information to guide the end user when the        autorun function is not available in this case. As part of its        execution, the autorun.exe 1812 opens the first HTML page of        HTML pages 1816 on the CD 1802, which in turn launches the Web        Browser 191 and the Web Browser 191 automatically registers the        logical drive identifier from which the first HTML page was        opened and uses it as the current reference drive.    -   Autorun.ini 1814 file that points to the first HTML page of HTML        pages 1816 on CD 1802.    -   Readme.txt (not shown) file with instructions to guide the        End-user to launch the autorun.exe 1812 program, if the autorun        function in Windows is not enabled. This text file also provides        information on the purpose of the CD 1802 and the process to        purchase music.    -   Player Application Installation Package 1818 permits the        end-user to install the Player Application 195 on the End User        Device(s) 109.    -   Set of HTML pages 1816 support navigation of the end-user to        select music and gather end-user's credit card information to        send to Electronic Digital Content Store(s) 103.    -   Data set for each compressed album.    -   Content SC(s) 630 and associate metadata.    -   Offer SC(s) 641 points to the Content SC(s) 630 and track files        in the CD 1802. The Content SC(s) 630 and the track files are        located in the CD 1802 based on a fixed directory structure.    -   A modified Transaction SC(s) 1824 is similar to the Transaction        SC(s) 640 in the telecommunications embodiment and the modified        Transaction SC(s) 1824 contains identifiers pointing to the        Offer SC(s) 641 on the CD 1802, and the available Usage        Conditions 519. The modified Transactions SC(s) 1824 maybe        digitally signed with a Digital Signature 624 of the Content        Provider(s) 101.

Turning now to FIG. 19, is a flow diagram of the alternative embodimentof FIG. 18 for acquiring rights to digital content, according to thepresent invention. The process begins with the end-user loading the CD1802 into the End-User Device(s) 109, step 1902. The end-user can listento the information audio track and the music samples and othermultimedia promotional materials, step 1904. The end-user interacts withthe HTML pages read from the CD 1802, the end-user selects the musiche/she wants to buy and provides credit card information. The HTML pages1816 presents to the end-user the price and Usage Conditions 519 such asthose done in the Offer SC(s) 640 in the telecommunications embodiment.

Once the end-user selects the albums for purchase and provides thecredit card information, a browser script program running on Web Browser191 transfers a Notify SC(s) 1822 derived from the CD 1802 andtransferred to a payment site such as the Electronic Digital ContentStore(s) 103, step 1906. A secure connection, such as an SSL connection,is used between the End-User Device(s) 109 and the payment site is usedto protect the transfer of the credit card and selection informationagainst eavesdropping in the Internet.

After achieving payment authorization, a modified Transaction SC(s) 1824is received by the Web Browser 191. This modified Transaction SC(s) 1824is similar to the regular modified Transaction SC(s) 640, but it doesnot carry the Offer SC(s) 641 and includes the Notify SC(s) 1822. Thatis, modified Transaction SC(s) 1824 carries Transaction Data 642, theNotify SC(s) 1822 and the Usage Conditions 519 for the music, step 1908.

The Play Application 195 receives the Offer SC(s) 641 for the selectedmusic from the CD 1802. The application then proceeds with the regularinteraction with the Clearinghouse(s) 105 to acquire a License SC(s) 660for the selected Content 113 as describe above in FIG. 6 for thetelecommunications embodiment, step 1910.

After a License SC(s) 660 for the Content 113 is received, the PlayerApplication 195 copies the corresponding Content SC(s) 630 from the CD1802, and proceeds with the regular processing of those parts asdescribed in the telecommunications embodiment above for FIG. 6.

The content preparation for the CD 1802 is the same system and methodsas described in “Section VIII Content Provider” above. But instead ofcreating Content SC(s) 630 for distribution over telecommunicationsnetworks, the Content SC(s) 630 and Offer SC(s) 640 are written to theCD 1802. Included on the CD 1802 are the Notify SC(s) 1822 for eachsong, Offer SC(s) for each song, and a set of HTML pages 1816. Theautorun.exe 1812, the autorun.ini 1814 and the End-User ApplicationInstallation Package 1818 may be included in the CD 1802.

The changes necessary in the Player Application 195 to support both thetelecommunications embodiment of delivering Content 113 as well as thiscomputer readable medium distribution embodiment may include all thecomponents listed in “Section X.D The Player Application” below. Thismakes the compatible with both embodiment of delivery. In addition, thefunctions of the Player Application Installation Package 1818 includesthe software that:

-   Allows the end-user to select the albums that are included in the CD    1802.-   Allows the end-user to point to the locations of the offer SC(s)    641, the Content SC(s) 630. If the needed Offer SC(s) 641 are not    available on CD 1802 then an HTML address is provided to an    Electronic Digital Content Store(s) 103.-   Create the Notify SC(s) 1822 composed of identifiers for the    corresponding Offer SC(s) 641, the Digital Signature 641 and the    available Usage Conditions 519.-   Allows the creation of HTML pages that will guide the end-user in    the selection and purchase of music. The HTML page creation will be    based on page templates. The templates should allow the creation and    customization of HTML pages 1816 that can contain information on the    music. The information about each song can include jacket and cover    art, lyrics and usage conditions. The templates allow the creation    and customization of HTML forms that will be presented to the    end-user to collect credit card information.-   Allows the operator to point to the locations of the autorun.exe    1812 file, the autorun.ini 1814 file and the Player Application    Installation Package 1818.-   Allows the end-user to modify the autorun.ini 1814 file so that it    points to the first HTML page of the HTML pates 1816 to be presented    to the end-user.-   Allows the end-user to select the audio information and music sample    tracks and to point to online URLS.

What has been described thus far is content delivery on a CD 1802. Itshould be noted that the promotional encrypted content on the CD can bepart of the regular music or DVD CD. The CD 1802 can be created by theprocess in Sub-section 4. “Decryption 1505, Decompression 1506 andPlayback Components 1506” in Section D “The Player Application 195”below. The CD 1802 contains the Promotional Package 1801 from a ContentProvider(s) 101 or from the Electronic Digital Content Store(s) 103.When this CD 1802 is played, this enables the user or a friend of a userto very quickly purchase rights to the Content 113 on CD 1802. In otherwords, if a user takes a CD 1802 to a friends house to listen to it, thefriend can purchase the rights to make a copy of the CD 1802 for theirown use, without having to download the Content 113 from the ContentHosting Site(s) 111. This enables very fast propagation of PromotionalPackage 1801 between friends and associates. Rather than returning tothe store or downloading Content 113 over the Internet, the friend cancreate a copy of the Content 113 encrypted on CD 1802 using the processflow described in FIG. 19 below. Besides the Content 113, the PlayerApplication 195 can also be delivered on the CD 1802, to permit fastpropagation of the Player Application 195 through a community.

3. Delivery to a Third Party from an End User

In yet another embodiment, the Promotional Package 1801 can be E-mailedbetween end users. Although the transmission of compressed files isstill slow over telephone lines today. In the further higher speednetworks such as Cable-Modems will increase the capacity. By givingusers the ability to E-mail the Promotional Packages 1801 to others, theContent 113 can be purchased by anyone in the E-mail list.

B. Application Installation

The Player Application 195 and the Helper Application 1981 are packagedinto a self installing executable program which is available fordownload from many web sites or via the embodiment above in the sectionX.A.3 Delivery Over Computer Readable Medium. The Clearinghouse(s) 105acts as a central location which hosts the master download page at apublic web site. It contains links to the locations from which theinstallation package can be downloaded. The installation package isavailable at all Content Hosting Site(s) 111 to provide geographicdispersal of the download requests. Each participating ElectronicDigital Content Store(s) 103 can also make the package available fordownload from their site or may just provide a link to the masterdownload page at the public web site of the Clearinghouse(s) 105.

Any End-User(s) wishing to purchase downloadable Content 113, downloadsand install this package. The installation is self contained in thisdownloadable package. It unpacks and installs both the HelperApplication 198 and the Player Application 195 and also configure theHelper Application 198 to the installed Web Browser(s).

As part of the installation, a Public/Private Key 661 pair is createdfor the End-User Device(s) 109 for use in processing Order and LicenseSC(s) 660. A random Symmetric Key (Secret User Key) is also generatedfor use in protecting song encryption keys in the License Database 197.The Secret User Key (not shown) is protected by breaking the key intomultiple parts and storing pieces of the key in multiple locationsthroughout the End-User(s)' computer. This area of the code is protectedwith Tamper Resistant Software technology so as not to divulge how thekey is segmented and where it is stored. Preventing access to this keyby even the End-User(s) helps to prevent piracy or sharing of theContent 113 with other computers. See the SC(s) Processor 192 sectionfor more details on how these keys are used.

Tamper-resistant software technology is a method to deter unauthorizedentry into a computer software application by a hacker. Typically ahacker wants to understand and/or modify the software to remove therestrictions on the usage. In practicality, no computer program existsthat cannot be hacked; that is why tamper-resistant software is notcalled “tamper-proof”. But the amount of effort required to hack atamper-resistance protect application usually deters most hackersbecause the effort is not worth the possible gain. Here the effort wouldbe to gain access to a key to one piece of Content 113, perhaps a singlesong on a CD.

One type of tamper-resistant software technology is from IBM. Oneproduct this code was introduced is in the IBM ThinkPad 770 laptopcomputer. Here, the tamper-resistant software was used to protect theDVD movie player in the computer. Digital Content Provider(s) such asHollywood studios, concerned about the advent of digital movies and theease at which perfect copies can be made, have insisted that movies onDVD disc(s) contain copy protection mechanisms. IBM's tamper-resistantsoftware made it difficult to circumvent these copy protectionmechanisms. This is a very typical application for tamper-resistantsoftware; the software is used to enforce rules on the usage of someprotected type of Content 113.

IBM's tamper-resistant software puts several types of obstacles in thepath of the attacker. First, it contains techniques to defeat, or atleast reduce the effectiveness of, the standard software tools that thehacker uses: debuggers and disassemblers. Second it containsself-integrity checking, so that single modifications, or even smallhandfuls of modifications, will be detected and cause incorrectoperation. Finally, it contains obfuscations to mislead hackersregarding its true operation. The latter technique is largely ad hoc,but the first two build upon well-known tools in cryptography:encryption and digital signatures.

C. Secure Container Processor 192

When the End-User(s) submits the final purchase authorization to theElectronic Digital Content Store(s) 103 for the merchandise he hascollected in his shopping cart, his Web Browser remains active waitingfor a response from the Web Server. The Web Server at the ElectronicDigital Content Store(s) 103 processes the purchase and performs thefinancial settlement and then returns a Transaction SC(s) 640 to theEnd-User Device(s) 109. The SC(s) Processor 192 (Helper Application 198)is launched by the Web Browser to process the SC(s) mime type associatedwith the Transaction SC(s) 640. FIG. 14 is an example of user interfacescreens of the Player Application 195 downloading content to a locallibrary as described in FIG. 10 according to the present invention.

The SC(s) Processor 192 opens the Transaction SC(s) 640 and extract theResponse HTML page and Offer SC(s) 641 contained within. The ResponseHTML page is displayed in the Browser window acknowledging theEnd-User(s)' purchase. The Offer SC(s) 641 are then opened and theContent 113 (e.g. song or album) names along with the projected downloadtimes are extracted from them, step 1401. A new window is then displayedwith this information and the End-User(s) is presented with options toschedule the download(s) of the Content 113 (e.g. for music, songs orentire albums), step 1402. The End-User(s) can select immediate downloador can schedule the download to occur at a later time. If a later timeis selected, the download schedule information is saved in a log and thedownload is initiated at the scheduled time if the End-User Device(s)109 is powered on at that time. If the computer is not active at thescheduled download time or the communication link is not active, theEnd-User(s) is prompted to reschedule the download when the computer isnext powered up.

When the scheduled download time occurs or if immediate download wasrequested, the SC(s) Processor 192 creates Order SC(s) 650 frominformation in the Transaction SC(s) 640, Offer SC(s) 641, and thePublic Key 661 of the End-User(s) generated at install time. This OrderSC(s) 650 is sent via HTTP request to the Clearinghouse(s) 105. When theClearinghouse(s) 105 returns the License SC(s) 660, the HelperApplication 198 is re-invoked to process the License SC(s) 660. TheLicense SC(s) 660 is then opened and the URL of the Content HostingSite(s) 111 is extracted from the referenced Order SC(s) 650. TheLicense SC(s) 660 is then sent to the specified Content Hosting Site111, via http request through the Browser, requesting download of theContent SC(s) 630. When the Content SC(s) 630 comes back to the Browser,the Helper Application 198 is re-invoked again. The SC(s) Processor 192displays the name of the Content 113 being downloaded along with adownload progress indicator and an estimated time to completion.

As the Content 113 is being received by the SC(s) Processor 192, itloads the Content 113 data into memory buffers for decryption. The sizeof the buffers depends on the requirements of the encryption algorithmand watermarking technology 193 and is the minimum size possible toreduce the amount of unencrypted Content 113 exposed to hacker code. Asa buffer is filled, it is decrypted using the Key 623 (corresponding tothe Public Key 661) of the End-User(s) extracted from the License SC(s)660, which itself is first decrypted using the Private Key. Thedecrypted buffer is then passed to the watermarking function.

The watermarking 193 extracts the watermarking instructions from theLicense SC(s) 660 and decrypt the instructions using the Private Key ofthe End-User(s). The watermarking data is then extracted from theLicense SC(s) 660 which includes transaction information such as thepurchaser's name as registered with the Electronic Digital ContentStore(s) 103 from which this Content 113 was purchased or derived fromthe credit card registration information if the Electronic DigitalContent Store(s) 103 does not provide a registration function. Alsoincluded in the watermark is the purchase date and the Transaction ID535 assigned by the Electronic Digital Content Store(s) 103 to referencethe specific records logged for this transaction. The Store UsageConditions 519 are also included to be used by the Copy Control of thePlayer Application 195.

The Watermarking 193 is protected with Tamper Resistant Code technologyso as not to divulge the watermarking instructions thus preventing ahacker from discovering the location and technique of the watermark.This prevents removal or modification of the watermark by a hacker.

After inscribing any required watermark to this content buffer, thebuffer is passed to the scrambling function for Re-Encryption 194. Aprocessor efficient secure encryption algorithm such as IBM's SEALencryption technology is used to re-encrypt the Content 113 using arandom Symmetric Key. Once the download and Decryption and Re-Encryption194 process is complete, the encryption Key 623 used by the ContentProvider(s) 101 to originally encrypt the Content 113 is now destroyedand the new SEAL key is itself encrypted using the Secret User Keycreated and hidden at installation time. This new encrypted Seal Key isnow stored in the License Database 107.

Unlike source performed at the Content Provider(s) 101 and userwatermarking performed at the End User Device(s) 109 may need to becomean industry standard to be effective. These standards are stillevolving. The technology is available to allow control information to beembedded in the music and updated a number of times. Until such time asthe copy control standards are more stable, alternative methods of copycontrol have been provided in the Secure Digital Content ElectronicDistribution System 100 so that it does not rely on the copy controlwatermark in order to provide rights management in the consumer device.Storage and p lay/record usage conditions security is implementedutilizing encrypted DC Library Collections 196 that are tied to the EndUser Device(s) 109 and protected via the Tamper Resistant Environment.Software hooks are in place to support copy control watermarking whenstandards have been adopted. Support exists today for watermarking AACand other encoded audio streams at a variety of compression levels butthis technology is still somewhat immature at this time to be put to useas a sole method of copy control.

The Decryption and Re-Encryption 194 process is another area of the codethat is protected with Tamper Resistant Code technology so as not todivulge the original Content 113 encryption key, the new SEAL key, theSecret User Key, and where the Secret User Key segments are stored andhow the key is segmented.

The process of Decryption and Re-Encryption 194 serves two purposes.Storing the Content 113 encrypted with an algorithm like SEAL enablesfaster than real-time decryption and requires much less processorutilization to perform the decryption than does a more industry standardtype algorithm like DES. This enables the Player Application 195 toperform a real-time concurrent decryption-decode-playback of the Content113 without the need to first decrypt the entire file for the Content113 prior to decode and playback. The efficiency of the SEAL algorithmand a highly efficient decode algorithm, allows not only concurrentoperation (streaming playback from the encrypted file) but also allowsthis process to occur on a much lower powered system processor. Thusthis application can be supported on a End-User Device(s) 109 as low endas a 60 MHz Pentium system and perhaps lower. Separating the encryptionformat in which the Content 113 is finally stored from the originalencryption format, allows for greater flexibility in the selection ofthe original content encryption algorithm. Thus use of widely acceptedand proven industry standard algorithms can be used thus furtherenhancing Digital Content Industry acceptance of the Secure DigitalContent Electronic Distribution System 100.

The second purpose of this Decryption and Re-Encryption 194 process isto remove the requirement that the original master encryption Key 623,used by the Content Provider(s) 101 to encrypt this Content 113, bestored on every End-User Device(s) 109 which has licensed this Content113. The encrypted master Key 623, as part of the License SC(s) 660, isonly cached on the hard disk of the End-User Device(s) 109 for a veryshort time and is in the clear only in memory and for a very short time.During this execution phase, the Key 623 is protected via TamperResistant Code technology. Not having to retain this Key 623 in any formon the End-User Device(s) 109 once this Decryption and Re-Encryption 194phase has completed, greatly lessens the possibility of piracy fromhackers.

Once the song has been re-encrypted, it is stored in the Digital ContentLibrary 196. All metadata required for use by the Player Application195, is extracted from the associated Offer SC(s) 641 and also stored inthe Digital Content Library 196, step 1403. Any parts of the metadatawhich are encrypted, such as the song lyrics, are decrypted andre-encrypted in the same manner as described above for the othercontent. The same SEAL key used to encrypt the Content 113 is used forany associated metadata needing to be encrypted.

D. The Player Application 195

1. Overview

The Secure Digital Content Electronic Distribution Player Application195 (referred to here as the Player Application 195) is analogous toboth a CD, DVD or other Digital Content player and to a CD, DVD, orother digital content storage management system. At its simplest, itperforms Content 113, such as playing songs or videos. At another level,it provides the End-User(s) a tool for managing his/her Digital ContentLibrary 196. And just as importantly, it provides for editing andplaying of collections of content, such as songs, (referred to here asPlay-lists).

The Player Application 195 is assembled from a collection of componentsthat may be individually selected and customized to the requirements ofthe Content Provider(s) 101 and Electronic Digital Content Store(s) 103.A generic version of the player is described, but customization ispossible.

Referring now to FIG. 15 there is shown a block diagram of the majorcomponents and processes of the Player Application 195 running onEnd-User Device(s) 109 of FIG. 10.

There are several component-sets that make up the subsystems of thePlayer Object Manager 1501:

-   1. End-User Interface Components 1509-   2. Copy/Play Management Components 1504-   3. Decryption 1505, Decompression 1506, Playback Components 1507 and    may include recording.-   4. Data Management 1502 and Library Access Components 1503-   5. Inter-application Communication Components 1508-   6. Other miscellaneous (Installation, etc) Components    Components from within each of these sets may be selected, based on    the requirements of:-   the platform (Windows, Unix, or equivalent)-   communications protocols (network, cable, etc)-   Content Provider(s) 101 or Electronic Digital Content Store(s) 103-   Hardware (CD, DVD, etc)-   Clearinghouse(s) 105 technology and more.

The sections below detail the various component sets. The final sectiondetails how these components are put together in the generic player, anddiscusses how the components can be customized.

In another embodiment, the components of the Player Application 195 andthe SC(s) Processor 192 are available as part of a programmer's softwaretoolkit. This toolkit enables predefined interfaces to the components ofthe generic player application listed above. These predefined interfacesare in the form of APIs or Application Programming Interfaces. Adeveloper using these APIs can implement any of the functionality of thecomponents from a high level application program. By providing APIs tothese components, a programmer can quickly develop a customized PlayerApplication 195 without the need to re-created these functions andresources of any of these components.

2. End-User Interface Components 1509

Components from this set combine to provide the on-screen manifestationof the Player Application 195. Note that the design establishes nodefinitive layout of these components. One such layout is provided inthe generic player. Based on requirements from Content Provider(s) 101and/or Electronic Digital Content Store(s) and other requirements,alternate layouts are possible.

This set is grouped into subgroups, starting with the components used topresent End-User Display 1510 and handle controls called End-UserControls 1511 used for such low-level functions as audio playback, andpresentation of metadata. Next, the End-User Display Component 1510 isfurther divided by special function groupings (Play-list, DigitalContent Library), and then object-container components used for groupingand placing of those lower-level components.

Within the component listings below, any reference to creating CDS orcopying of Content 113 to a CD or other recordable medium only appliesto the case where the Player Application 195 has such functionalityenabled. Also note that the term CD in that context is a generic one,that can also represent various other external recording devices, suchas MiniDisc or DVD.

FIG. 16 is an example user interface screens of the Player Application195 of FIG. 15 according to the present invention. Function for theEnd-User Controls 1511 include (corresponding screens of an End-UserInterface are shown 1601–1605):

Controls for performing the Content 113:

-   Play/Stop button-   Play button-   Stop button-   Pause button-   Skip forward button-   Skip backward button-   Volume control-   Track position control/display-   Audio channel volume level display and more.

Controls for the displaying metadata associated with the Content 113

-   Cover Picture button-   Cover Picture object-   Artist Picture button-   Artist Picture object-   Track List button-   Track List Information object-   Track List Selector object (click to play)-   Track Name object-   Track Information object-   Track Lyrics button-   Track Lyrics object-   Track Artist Name object-   Track Credits button-   Track Credits object-   CD Name object-   CD Credits button-   CD Credits object-   Generic (Configurable) Metadata button-   Generic Metadata object and more.

Function for the End-User Display 1510 include (corresponding screens ofan End-User Interface are shown 1601–1605):

Play-list of display container

-   Play-list Management button-   Play-list Management window-   Digital Content search button-   Digital Content search Definition object-   Digital Content search Submit button-   Digital Content search Results object-   Copy Selected Search Result Item To Play-list button-   Play-list object (editable)-   Play-list Save button-   Play-list Play button-   Play-list Pause button-   Play-list Restart button-   Create CD from Play-list button and more.

Display of Digital Content Library 196

-   Digital content library button-   Digital content librarian window-   Digital content categories button-   Digital content categories object-   By-artist button-   By-genre button-   By-label button-   By-category button-   Delete button-   Add-to-Play-list button-   Copy to CD button-   Song List object-   Song List display container and more

Containers and Misc.

-   Player window container-   Audio controls container-   Metadata controls container-   Metadata display container-   Toolbar container object-   Sample button-   Download button-   Purchase button-   Record button-   Player Name object-   Label/Provider/Store Advertisement object-   Label/Provider/Store URL button-   Artist URL Button and more    3. Copy/Play Management Components 1504

These components handle set up of encryption keys, Watermark processing,Copy management, and more. Interfaces also exist for communication withthe Clearinghouse(s) 105, transmission of purchase requests, and more,for special services such as pay per listen or cases where each accessto the Content 113 is accounted for. Currently, the communications tothe Clearinghouse(s) 105 functions are handled by the SC(s) Processor192.

The use of the Content 113 by the Player Applications 195 on End UserDevice(s) 109 is logged into a database such as the License Database197. The tracking of each use of Content 113 by the Player Application195 can be transmitted to one or more logging sites such as the ClearingHouse(s) 105 or Content Provider(s) 101 or Electronic Digital ContentStore(s) 103 or any site designated and coupled to TransmissionInfrastructures 107. This transmission can be scheduled at predeterminedtimes to upload the usage information to a logging site. Onepredetermined time contemplated is early in the morning whenTransmission Infrastructures 107 may not be as congested with networktraffic. The Player Application 195 using known techniques, wakes-up ata scheduled time, and transmit the information from the local loggingdatabase to the logging site. By reviewing the logging site information,the Content Provider(s) 101 can measure the popularity of their Content113.

In another embodiment, the instead of logging the usage of Content 113for later uploading to a logging site, the use of the Content 113 isuploaded to the logging site during every use of the Content 113. Forexample, when duplicating or copying the Content 113 stored at the EndUser Device(s) 109, on to an external device such as DVD Disc, digitaltape, flash memory, mini Disc or equivalent read/writeable removablemedia, the use is updates to the logging site. This maybe a preconditionto copying the Content 113 in the usage conditions 206 that istransmitted when the Content 113 is purchased. This ensures the ContentProvider(s) 101 can accurately track the usage of their Content 113during their playing, duplicating or other actions upon the Content 113.

In addition, other information about the Content 113 can be uploaded tothe logging site. For example the last time (e.g., hour and day) theContent 113 was performed; how many times the Content 113 was performed;if the Content 113 has been duplicated or copied to an authorizedexternal device such as DVD Disc, digital tape or mini-Disc. In caseswhere there are multiple distinct users of a single Player Application195 on the End User Device(s) 109, such as different members of afamily, the identifications of the user of the Content 113 istransmitted along with the usage information to the logging site. Byreviewing the usage information uploaded to the logging site, theContent Provider(s) 101 can measure the popularity of the Content 113base on the actual usage, the identification of the user and the numberof times the Content 113 has been performed. The actual usagemeasurement makes this system more factual driven over systems usingsampling methods, such as a Nielsen Rating scheme for televisions, ortelephone surveys, where only a limited number of users are sampled atany one time and the results extrapolated. In this present embodiment,the actual usage can be measures for the users logging back onto adesignated web site such as the Electronic Digital Content Store(s) 103or Content Provider(s) 101.

The embodiment where the Transaction SC(s) 640 contains geographicallytargeted advertisement is now described. As described previously forFIG. 22 the Geographically Associated Advertisement 2202 has beenassociated with the Content 113 based upon the location of the End UserDevice(s) 109. Process flow 2300 illustrates how the advertisement ishandled once it is downloaded. The process begins with a test todetermine if the Transaction SC(s) 640 contains one or more GeographicalUsage Conditions 2006, steps 2302 and 2304. If there are no GeographicUsage Conditions 2006, the process flow terminates. Next, a test isperformed to see if the end user's action such as playing, or copying,or re-sending the Content 113 is an action that triggers theGeographically Associated Advertisement 2006 is rendered, step 2306. Inthe case that there is not a trigger the flow loops as shown until atrigger is available. Next a series of tests are performed to render theGeographically Associated Advertisement 2006 on the End User Device(s)109. The first test determines if there is any advertisement for displayin step 2308 and if there is advertisement for display then theGeographically Associated Advertisement 2006 is presented in step 2310.The presentation can be a simple banner, a movie, a pop-up or a othermultimedia presentation. Next, a test is made in step 2312 is there anyGeographically Associated Advertisements 2006 for printing, step 2312and if there are then a coupon or other special offer is printed on theEnd User Device(s) 109, in step 2314. Next, in step 2316, a check ismade to see if there are any Geographically Associated Advertisements2006 for e-mail to another end user(s). In this embodiment, the end usersending the Geographically Associated Advertisement 2006 to a personmeeting the same may receive credit back from the Electronic DigitalContent Store(s) 103 when the e-mail recipient “buys” or “purchases” agood or service. The process flow 2300 terminates on step 2320.

4. Decryption 1505, Decompression 1506 and Playback Components 1506

These components use the keys acquired by the Copy/Play Managementcomponents to unlock the audio data acquired from the Data Managementand Library Access components, apply the appropriate decompression toprepare it for playback, and use system audio services to play it. In analternate embodiment, the audio data acquired from the Data Managementand Library Access components may be copied to removable media such asCDS, diskettes, tapes or MiniDisks.

5. Data Management 1502 and Library Access Components 1503

These components are used to store and retrieve song data on variousstorage devices on the End-User(s)'system, as well as handle requestsfor information about the stored songs.

6. Inter-application Communication Components 1508

These components are used for coordination between the Secure DigitalContent Electronic Distribution Player and other applications (e.g.,Browser, helper-app and/or plug-in, etc) that may invoke the PlayerApplication 195, or that the Player Application 195 needs to use whencarrying out its functions. For example, when a URL control isactivated, it invokes the appropriate browser and instruct it to loadthe appropriate page.

7. Other Miscellaneous Components

Individual components that don t fall into the categories above (e.g.,Installation) are grouped here.

8. The Generic Player

In this section the combining of the components above into aversion ofthe Player Application 195 is discussed. This is just one of manydifferent examples possible, since the Player Application 195 isdesigned for customization by being based on software objects. ThePlayer Object Manager 1501 is a software framework holding all the othercomponents together. As discussed in the sections above, the blocksbelow the Player Object Manager 1501 in this diagram are required forany player, but may be replaced by specialized versions depending onsuch things as form of encryption or scrambling being used, types ofaudio compression, access methods for the Content 113 library, and more.

Above the Player Object Manager 1501 are Variable Objects 1512, whichare mostly derived from the metadata associated with the Content 113being played or searched. These Variable Objects are made available tothe End-User Device(s) 109 byway of the End-User Display 1510 andreceived input from the End-User Controls 1511. All objects areconfigurable, and the layouts of all containers are customizable. Theseobjects maybe implemented in C/C++, Java or any equivalent programminglanguage.

Using the Player Application 195

The following embodiment is for an example where the Player Application195 running on End-User Device(s) 109 is an audio player where Content113 is music. It should be understood to those skilled in the art thatother types of Content 113 can be supported by the Player Application195. A typical audio enthusiast has a library of CDS holding songs. Allof these are available within the Secure Digital Content ElectronicDistribution System 100. The set of songs that have been purchased fromElectronic Digital Content Store(s) 103 are stored within a DigitalContent Library 196 on his or her system. The groupings of songs thatare analogous to physical CDS are stored as Play-lists. In some cases aPlay-list exactly emulates a CD (e.g., all tracks of a commerciallyavailable CD has been purchased from an Electronic Digital ContentStore(s) 103 as an on-line version of the CD and is defined by aPlay-list equivalent to that of the CD). But most Play-lists is puttogether by End-User(s) to group songs they have stored in the DigitalContent Libraries on their systems. However for the purposes of theensuing discussions, an example of a custom made music CD is used whenthe term a Play-list is mentioned.

When the End-User(s) starts the Player Application 195 explicitly,rather than having it start up via invocation from the SC(s) Processor192 Application, it pre-loads to the last Play-list that was accessed.If no Play-lists exist in the Digital Content Library 196, the Play-listeditor is started automatically (unless the user has turned off thisfeature via a preference setting). See The Play-list, below for furtherdetails.

The Player Application 195 may also be invoked with a specific song asan argument, in which case it immediately enters Song-play mode.Optionally, the song maybe prepared for play but await action by theEnd-User(s) before proceeding. See Song Play, below for more on thissituation.

The Play-list (corresponding screen of an End-User Interface 1603):

When the End-User(s) has invoked the Play-list function, these are theavailable functions:

-   Open Play-list-   Digital Content Librarian is invoked to display a list of stored    Play-lists for selection. Also see Digital Content Librarian below    for more info.-   Edit Play-list-   Invokes the Play-list Editor (see below), primed with the current    Play-list if one has been loaded already. Otherwise the editor    creates an empty Play-list to start with.-   Run Play-list-   Songs are played one at a time starting with the selected song (or    the beginning of the play-list, if no song is selected). Options set    in the Play-list Editor affect the sequencing of the playback.    However there is controls available here to override those options    for this play of the Play-list.-   Play song-   Only the selected song from the Play-list is played. See Song Play    below for more info.-   Play-list Info-   Display information about the Play-list.-   Song Info-   Display information about the selected song within the Play-list.-   Visit web site-   Load web site associated with this Play-list into browser.-   Librarian-   Open the Digital Content Librarian window. Also see Digital Content    Librarian below for more info.

The Play-list Editor (corresponding screen of an End-User Interface1603):

When invoking the Play-list editor, these are the End-User(s)' options:

-   View/Load/Delete Play-lists-   Digital Content Librarian is invoked to display a list of stored    Play-lists for selection of one to load or delete. Also see Digital    Content Librarian below for more info.-   Save Play-list-   Current version of Play-list is saved in the Digital Content Library    196.-   Delete Song-   Currently selected song is deleted from Play-list.-   Add Song-   Digital Content Librarian is invoked in song-search mode, for    selection of song to add to the Play-list. Also see Digital Content    Librarian below for more info.-   Set Song Information-   Display and allow changes to information about the selected song    within the play-list. This information is stored within the    Play-list, and does not alter information about the song stored    within the Digital Content Library 196. These things can be changed:-   Displayed Song Title-   End-User(s) notes about the song-   Lead-in delay on playing the song-   Follow-on delay after playing the song-   Start-point within song when playing-   End-point within song when playing-   Weighting for random mode-   Volume adjustment for this song and more.

Set Play-list attributes: Display and allow changes to the attributes ofthis Play-list. These attributes may be set:

-   Play-list title-   Play-list mode (random, sequential, etc)-   Repeat mode (play once, restart when done, etc)-   End-User(s) notes about this Play-list

Librarian (corresponding screen of an End-User Interface 1601):

-   Open the Digital Content Librarian window. Also see Digital Content    Librarian below for more info.    Song Play

When a song has been prepared for play, either by invoking the PlayerApplication 195 with the song as an argument or by selecting a song forplay from a Play-list or within the Digital Content Librarian, these arethe End-User(s)' options: (corresponding screen of an End-User Interface1601):

-   Play-   Pause-   Stop-   Skip Backward-   Skip Forward-   Adjust Volume-   Adjust Track Position-   View Lyrics-   View Credits-   View CD Cover-   View Artist Picture-   View Track Information-   View other metadata-   Visit web site-   Play-list-   Librarian and more.    Digital Content Librarian

The Digital Content Librarian can be invoked implicitly when selectingsongs or Play-lists (see above) or may be opened in its own window formanagement of the Song Library on the End-User(s)' system. In that case,these are the End-User(s)' options:

Working with songs:

-   -   Sort All by Artist, Category, Label, other    -   Select Songs by Artist, Category, Label, other    -   Add selected songs to Current Play-list    -   Copy Song to CD (if enabled)    -   Delete Song    -   Add Song to Category and more.

Work with Play-lists:

-   -   Sort by Name    -   Sort by Category    -   Search by Keyword    -   Search by Included Song Title    -   Load Selected Play-list    -   Rename Play-list    -   Delete Play-list    -   Create CD from Selected Play-list (if enabled) and more.

Although a specific embodiment of the invention has been disclosed, itwill be understood by those having skill in the art that changes can bemade to this specific embodiment without departing from the spirit andscope of the invention. The scope of the invention is not to berestricted, therefore, to the specific embodiment, and it is intendedthat the appended claims cover any and all such applications,modifications, and embodiments within the scope of the presentinvention.

1. A computer implemented method to target advertisement to be sentalong with encrypted digital content, the method comprising the stepsof: accepting an end user request from an end user for delivery of anencrypted digital content; charging a payment account for the encrypteddigital content; determining, using an address verification systemoperated by a third party during payment clearing, a payment clearingaddress of the end user based upon the payment account; associating oneor more pieces of advertisement with the encrypted digital content ifthe payment clearing address is in a predetermined geographic region;and delivering, in response to the charging, the encrypted digitalcontent and the one or more pieces of the advertisement to the end user.2. The computer implemented method according to claim 1, wherein thestep of associating the one or more pieces of advertisement includesassociating advertisement with the encrypted digital content if thepayment clearing address is in a predetermined geographic region and oneor more usage conditions for the encrypted digital content authorizesthe advertisement to be associated with the predetermined geographicalregion.
 3. The computer implemented method according to claim 1, furthercomprising the steps of: determining a geographical location of an enduser device based upon an IP address of the end user device used by theend user and wherein the step of associating the one or more pieces ofadvertisement includes associating advertisement with the encrypteddigital content if the payment clearing address is in the predeterminedgeographic region or if the geographical location of the end user deviceis in the predetermined geographic region.
 4. The computer implementedmethod according to claim 1, further comprising the steps of:determining a geographical location of an end user device based upon anIP address of the end user device used by the end user, and wherein thestep of associating the one or more pieces of advertisement includesassociating advertisement with the encrypted digital content if thepayment clearing address is in the predetermined geographic region andif the geographical location of the end user device is in thepredetermined geographic region.
 5. The computer implemented methodaccording to claim 3, wherein the step of determining a geographicallocation of an end user device based upon an IP address of the end userdevice includes at least one of the following sub-steps: querying one ormore IP addresses in IP databases provided by third parties; checkingone or more country codes found in the trace routes to the IP addressbeing determined; and using preassigned country allocations for class CIP addresses.
 6. The computer implemented method according to claim 4,wherein the step of determining a geographical location of an end userdevice based upon an IP address of the end user device includescomputing a confidence for the IP address comprising the sub-steps of:performing a network trace route to an end user device; querying one ormore IP addresses of hops other than an IP address of the end userdevice within in the network trace route in IP databases provided bythird parties; checking one or more country codes of the one or more IPaddresses other than the IP address of the end user device found in thetrace route; wherein the confidence is computed based upon other IPaddresses returned for the geographic region being determined.
 7. Acomputer implemented method at a content authoring site for setting oneor more geographic usage conditions for advertisement to be sent alongwith encrypted digital content, the method comprising the steps of:receiving, at a processor, a geographic region in which to deliver oneor more pieces of advertisement in association with encrypted digitalcontent; setting one or more conditions for the advertisement associatedwith digital content, wherein the conditions are selected from a groupof conditions consisting of a time period when the advertisement ispresented, the number of times the advertisement is presented, whetherthe printing of coupons and other offers is permitted, and whether thesending of advertisement from the end user device receiving theadvertisement to another end user device is permitted; accepting an enduser request from the end user device for delivery of an encrypteddigital content; charging a payment account for the encrypted digitalcontent; determining, using an address verification system operated by athird party during payment clearing, a payment clearing address of theend user based upon the payment account; and associating the one or morepieces of advertisement with the encrypted digital content for deliveryto the end user if the payment clearing address is in the geographicregion.
 8. A computer implemented method at an online store to targetadvertisement to be sent along with encrypted digital content, themethod comprising the steps of: determining a geographical location ofan end user device requesting delivery of encrypted digital content byperforming the sub-steps of: performing a network trace route to the enduser device; querying one or more IP addresses of hops, other than an IPaddress of the end user device, found in the network trace route in IPdatabases provided by: checking one or more country codes for the one ormore IP addresses of the hops found in the network trace mute; anddetermining the geographical location of the end user using preassignedcountry allocations for class C IP addresses of the one or more IPaddresses; and associating one or more pieces of advertisement with theencrypted digital content if the geographical location of the end userdevice is in a predetermined geographic region.
 9. A computer readablemedium containing programming instructions for an online store to targetadvertisement to be sent along with encrypted digital content, theprogramming instruction comprising: determining a geographical locationof an end user device requesting delivery of an encrypted digitalcontent by: performing a network trace route to the end user device;querying one or more IP addresses of hops, other than an IP address ofthe end user device, found in the network trace mute in IP databasesprovided by third parties; checking one or more country codes of the oneor more IP addresses of that other than the IP address of the end userdevice found in the trace mute; and determining the geographicallocation of the end user device by using preassigned country allocationsfor class C IP addresses of the one or more IP addresses; andassociating one or more pieces of advertisement with the encrypteddigital content if the geographical location of the end user device isin a predetermined geographic region.
 10. The computer readable mediumof claim 9, wherein the programming instruction of associating the oneor more pieces of advertisement includes associating advertisement withthe encrypted digital content if the geographical location of the enduser device is in a predetermined geographic region and one or moreusage conditions for the encrypted digital content authorizes theadvertisement to be associated with the geographical region of the enduser device requesting the encrypted digital content.
 11. The computerreadable medium of claim 9, further comprising instructions for:determining, using an address verification system operated by a thirdparty during payment clearing, a payment cleaning address of the enduser, wherein the end user sends a request via the end user device fordelivery of encrypted digital content; and wherein the programminginstruction for associating the one or more pieces of advertisementinclude instructions for associating advertisement with the encrypteddigital content if the geographical location is in the predeterminedgeographic region or if the payment clearing address is in thepredetermined geographic region.
 12. The computer readable medium ofclaim 9, further comprising the instruction of: determining, using anaddress verification system operated by a third party during paymentclearing, a payment clearing address of the end user, wherein the enduser sends a request via the end user device for the delivery ofencrypted digital content; and wherein the programming instruction forassociating the one or more pieces of advertisement include instructionsfor associating advertisement with the encrypted digital content if thegeographical location is in the predetermined geographic region and ifthe payment clearing address is in the predetermined geographic region.13. A computer readable medium containing programming instruction forauthoring content at an content authoring site for setting one or moregeographic usage conditions for advertisement to be sent along withencrypted digital content, the instructions comprising: receiving apredetermined geographic region for presenting a selected advertisementin association with encrypted digital content; setting one or moreconditions for the advertisement associated with the digital content,wherein the conditions are selected from a group of conditionsconsisting of a time period when the advertisement is presented, thenumber of times the advertisement is presented, whether the printing ofcoupons and other offers is permitted, and whether the sending ofadvertisement from the end user device receiving the advertisement toanother end user device is permitted; accepting an end user request froman end user device for the delivery of an encrypted digital content;charging a payment account for the encrypted digital content;determining, using an address verification system operated by a thirdparty during payment clearing, a payment clearing address for thepayment account of the end user; and associating the selectedadvertisement with the encrypted digital content if the payment clearingaddress is in the predetermined geographic region.
 14. An informationprocessing system for hosting an online store to target advertisement tobe sent along with encrypted digital content, the system comprising: annetwork interface to couple at least one end user device, wherein theend user device requests delivery of encrypted digital content; anaddress verification system including a means for determininggeographical location of the end user device requesting the delivery ofencrypted digital content, the address verification system includingmeans for performing a network trace route to the end user device;querying one or more IP addresses of that other than an IP address ofthe end user device found n the network trace route in IP databasesprovided by third parties; checking one or more country codes for theone or more IP addresses of hops other than the IP address of the enduser device found in the network trace route; and determining thegeographical location of the end user using preassigned countryallocations for class C IP addresses of the one or more IP addresses;and means for associating one or more pieces of advertisement with theencrypted digital content if the geographical location is in apredetermined geographic region.
 15. The information processing systemaccording to claim 14, wherein the means for associating the one or morepieces of advertisement includes associating advertisement with theencrypted digital content if the geographical location is in apredetermined geographic region and one or more usage conditions for theencrypted digital content authorizes the advertisement to be associatedwith the geographical region of the end user device requesting theencrypted digital content.
 16. The computer implemented method accordingto claim 8, wherein the step of associating the one or more pieces ofadvertisement includes associating advertisement with the encrypteddigital content if the geographical location is in a predeterminedgeographic region and one or more usage conditions for the encrypteddigital content authorizes the advertisement to be associated with thegeographical region of the end user device requesting the encrypteddigital content.
 17. An information processing system for authoringcontent and for setting one or more geographic usage conditions foradvertisement to be sent along with encrypted digital content, theinstructions comprising: means for receiving a geographic region inwhich to deliver one or more pieces of advertisement in association withencrypted digital content; means for setting one or more conditions forthe advertisement associated with digital content, wherein theconditions are selected from a group of conditions consisting of a timeperiod when the advertisement is presented, the number of times theadvertisement is presented, whether the printing of coupons and otheroffers is permitted, and whether the sending of advertisement from theend user device receiving the advertisement to another end user deviceis permitted; means for accepting an end user request from the end userdevice for delivery of an encrypted digital content; means for charginga payment account for the encrypted digital content; means fordetermining, using an address verification system operated by a thirdparty during payment clearing, a payment clearing address of the enduser based upon the payment account; and means for associating one ormore pieces of advertisement with the encrypted digital content fordelivery to the end user if the payment clearing address is in thegeographic region.